WisePlant – A WiseGroup Company
IC37/2137 Operation and maintenance for industrial cybersecurity

2137: Operation and Maintenance of Cybersecurity in Industrial Systems (IC37)

Recommend or share the IC37/2137 course:

The third phase in the Cybersecurity in Industrial Systems (IACS ) lifecycle – defined in ISA/IEC-62443-1-1) focuses on activities associated with ongoing operations and the maintenance of Cybersecurity. This involves performing diagnostics and troubleshooting, monitoring security, responding to incidents, and maintaining the cybersecurity countermeasures implemented in the design and implementation phase.

This phase also includes security management of recovery, backup and cybersecurity procedures and periodic audits. The IC37 course will provide students with the information and skills to detect and troubleshoot cybersecurity issues in the face of potential events, as well as the skills to maintain the level of security of an operating system throughout its lifecycle despite the challenges of a changing environment with all its threats.

Main objective of the course IC37/2137

Once the changes for effective and efficient risk mitigation have been implemented and verified at the end of the development and implementation phase, the plant is out of cyber danger. That is to say that it is no longer expected that unbearable consequences may occur. However, to maintain a safe and continuous operation over time without degrading security, it is necessary to carry out preventive or corrective maintenance activities related to industrial cybersecurity.

It is of fundamental importance that the user understands what are the requirements of the ISA/IEC-62443 series of standards, necessary to maintain a safe and calm operation out of danger, during this third phase of the life cycle of industrial systems, which will surely be the longer in time.

With the 2137 course, you will be able to

  • Perform diagnostics and solution of basic problems of industrial networks
  • Interpret device results as diagnostic alarms and event logs
  • Implement backup and restore procedures for industrial systems
  • Describe the IACSs lifecycle and patch and update management procedure
  • Apply an antivirus management procedure
  • Define the basics of controlling applications and tools by whitelisting
  • Define the basics of the network and HOST for intrusion detection
  • Define security incident basics and event monitoring tools
  • Implement an incident response plan
  • Implement a management of the IACS change procedure
  • Perform a basic computer security audit in IACS

The following topics will be covered

  • Introduction to the ICS Cybersecurity Lifecycle
    • Identification and evaluation phase
    • Phase of Design and Implementation
    • Operations and Maintenance Phase
  • Network diagnostics and troubleshooting
    • Interpretation of device alarms and event logs
    • The first indicators
    • network intrusion detection systems
    • network management tools
  • Application diagnostics and troubleshooting
    • Interpretation of OS alarms, applications, and event logs
    • The first indicators
    • managing applications and whitelisting tools
    • Antivirus and endpoint protection tools
    • Security Incidents and Event Monitoring (SIEM) tools
  • Procedures and tools for the operation of the IACS Cybersecurity
    • Development and monitoring of a management of the IACS change procedure
    • Development and follow-up of an IACS backup procedure
    • IACS Configuration Management Tools
    • Development and monitoring of an IACS patch management procedure
    • patch management tools
    • Development and monitoring of an IACS antivirus management procedure
    • Antivirus and whitelist tools
    • Development and follow-up of a cybersecurity audit procedure of the IACS
    • audit tools
  • IACS Incident Response
    • Development and follow-up of an IACS incident response plan
    • Investigation of the incident
    • System Recovery

Practical exercises to be done in class

  • Asset inventory
  • ICS Device Hardening
  • Disabling USB storage devices
  • Restrict access to USB drives
  • Application Control / Whitelisting
  • Microsoft Windows Software Update Services (WSUS)
  • PLC backup and configuration management
  • Change Management (MOC form)
  • Event detection tracking and vulnerability scanning log monitoring
  • Capture packet network analysis
  • Troubleshooting and Forensics.


  • Have taken and passed the IC32, TS06, TS12 and TS20 Courses.

To take Certification Exam 4 “ISA/IEC-62443 Cybersecurity Maintenance Specialist” the participant must have passed Certification Exam 3 “ISA/IEC-62443 Cybersecurity Design Specialist”.


Participants will receive in the class (face-to-face) at home (virtual) access to the following materials. Optional printed material may be provided at an additional cost.

  • Printed course lessons.
  • ISA/IEC-62443 standards used in the course.
  • Educational campus to download complementary information and software.
  • Laboratory workshops.
  • Eligibility to obtain the official certificate. (Requires 100% assistance).

Certification N° 4 “ISA/IEC-62443 Cybersecurity Maintenance Specialist”

  • CRE Credits: 2,1
  • CEU Credits: 2.1 (Awarded by ISA)
  • The Exam to obtain the professional certification is taken separately, with a maximum period of up to 6 months of completion of the course. Presently, the exam is taken only in English Language.
  • UPDATED: The professional certification exam is included in the price. You can add as many opportunities as you need within 6 months of finishing the course, paying the additional Fee of USD 150,- for each new opportunity.


2137: Operation and Maintenance of Cybersecurity in Industrial Systems (IC37) 3All participants who meet the course requirements and who successfully pass the final exam with a good grade will be awarded a Digital Badge. The digital badge certifies that the participant has attended the 2137 training course and has taken the final evaluation test with a good grade, verifying that said participant has assimilated the new knowledge reasonably.

Professional certificate of international recognition

All participants who have successfully completed 100% of the objectives of the IC37 course will be able to take the IC37 CyberSecurity Maintenance Specialist international validity certification exam at the SCANTRON authorized facilities. Students who have successfully completed the course will have multiple opportunities over a maximum period of 6 months to take the exam and thus obtain their professional certification. The professional certification exam is of the multiple choice type and is developed only in English. Therefore, participants are required to have good command of the written technical English language.