Assessing the Cybersecurity of New or Existing IACS Systems (IC33)


Length: 3 days
CEU Credits: 2.1
Course Hours: 8:00 a.m.-4:00 p.m.



The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1, these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).

This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a CRS that can be used to document the cybersecurity requirements for a project.


You will be able to:

  • Identify and document the scope of the IACS under assessment
  • Specify, gather, or generate the cybersecurity information required to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the IACS' products or system design
  • Organize and facilitate a cybersecurity risk assessment for an IACS
  • Identify and evaluate realistic threat scenarios
  • Identify gaps in existing policies, procedures, and standards
  • Establish and document security zones and conduits
  • Develop a cybersecurity requirements specification (CRS)


Classroom/Laboratory Exercises:

  • Critiquing system architecture diagrams
  • Asset Inventory
  • Gap Assessment
  • Windows Vulnerability Assessment
  • Capturing Ethernet Traffic
  • Port Scanning
  • Using Vulnerability Scanning Tools
  • Perform a high-level risk assessment
  • Creating a zone & conduit diagram
  • Perform a detailed cyber risk assessment
  • Critiquing a cybersecurity requirements specification


Who should attend?

  • Control systems engineers and managers
  • System integrators
  • IT engineers and managers of industrial facilities
  • IT corporate/security professionals
  • Plant Safety and Risk Management

To register for this course, contact ISA or email


