Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
Length: 3 days
CEU Credits: 2.1
Course Hours: 8:00 a.m.-4:00 p.m.
Description:
The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1, these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).
This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a CRS that can be used to document the cybersecurity requirements for a project.
You will be able to:
-
Identify and document the scope of the IACS under assessment
-
Specify, gather, or generate the cybersecurity information required to perform the assessment
-
Identify or discover cybersecurity vulnerabilities inherent in the IACS' products or system design
-
Organize and facilitate a cybersecurity risk assessment for an IACS
-
Identify and evaluate realistic threat scenarios
-
Identify gaps in existing policies, procedures, and standards
-
Establish and document security zones and conduits
-
Develop a cybersecurity requirements specification (CRS)
Classroom/Laboratory Exercises:
-
Critiquing system architecture diagrams
-
Asset Inventory
-
Gap Assessment
-
Windows Vulnerability Assessment
-
Capturing Ethernet Traffic
-
Port Scanning
-
Using Vulnerability Scanning Tools
-
Perform a high-level risk assessment
-
Creating a zone & conduit diagram
-
Perform a detailed cyber risk assessment
-
Critiquing a cybersecurity requirements specification
Who should attend?
-
Control systems engineers and managers
-
System integrators
-
IT engineers and managers of industrial facilities
-
IT corporate/security professionals
-
Plant Safety and Risk Management
To register for this course Contact ISA or email info@pointfar.com
QUESTIONS & ANSWERS
Have a Question?
Be the first to ask a question about this.