Recommend or Share:
The purpose of course 2161 is to manage the development and incorporation of the necessary and sufficient actions to mitigate all the intolerable risks identified during the risk assessment. Complying with the requirements of the ISA/IEC-62443 series of standards in a manner consistent with the other industrial risk disciplines. Additionally, comply with requirements of popular regulations.
The proper implementation of compensatory protections, with minimal interference in plant activities, is essential for those systems that are in operation with the main objective of creating industrial infrastructures resilient to all types of threats, even the most persistent.
Development of industrial cybersecurity specifications (CSRS) and influence the design of industrial and plant systems to ensure that industrial plants will be operated with all cyber risks mitigated from the start-up of the new system.
The course is developed entirely using the exclusive methodology (WBS Cybersecurity Framework), covering 100% with the requirements of the ISA / IEC-62443 series of standards and complementary to popular regulations, in an easy and fundamentally practical way.
At the end of the 2161 course, you will be able to:
- Understand and use the results of the Cyber Risk Assessment (ASSESSMENT).
- In existing systems, incorporate by design the recommendations obtained in the previous stage (ASSESSMENT).
- Define the optimal architecture, design the incorporation of necessary changes as a result of detailed risk analysis.
- Visualize, monitor and manage the progress of cybersecurity for each zone and pipeline as recommendations are incorporated.
- Visualize how the current security level (SLA) is approaching the target security level (SLT).
- Elaboration of industrial cybersecurity specifications (CSRS) for zones and ducts.
- Prioritize the implementation of security recommendations based on the greatest contribution to risk reduction, cost, effort, Security Level Capability, etc.
- Even operating the system below risk tolerance, you can create policies to monitor and supervise incidents of remaining risks.
- Define and configure the appropriate cybersecurity policies for each zone and conduit, necessary for the next stage of monitoring and maintenance (MAINTENANCE)
You will cover in course 2161 the following topics:
- Design of Zones and Ducts to comply with the safety recommendations of the previous phase, ensuring risk mitigation with efficiency and effectiveness.
- Incorporate the requirements of standards and regulations, such as:
- International standards ISA/IEC-62443
- National Standards, Laws, and Regulations (NIST, NERC, C2M2, etc.)
- Development of their own rules and regulations.
- Design and elaboration of the Industrial Cybersecurity Specifications (CSRS) in Zones and Ducts for systems in the engineering phase, complying with the FR, SR, and RE of the ISA / IEC-62443-3-3 standard.
- Implementation of security in Zones and Conduits, prioritizing countermeasures according to effectiveness and efficiency to mitigate residual cyber risk, maintaining consistency between:
- Procedural countermeasures,
- Technological Countermeasures, and
- Physical countermeasures.
- Manage the implementation of countermeasures for the effective, reliable and credible mitigation of Industrial Cyber Risk until reaching the Tolerable Risk by the organization.
- Design specifications for detection, monitoring and alerting systems (ARMS) for the rationalization of alerts and event response plans, minimizing false positives. This specification is the entry into the MAINTAIN (Operation and Maintenance) phase.
- For industrial systems with unmitigated risk,
- For industrial systems with mitigated risk.
Who is it for?
- Recommended for all professionals dedicated to the design and / or implementation of: industrial systems, industrial networks, monitoring systems, industrial cybersecurity, monitoring systems, detection, access control, segmentation, and all aspects of security related to industrial systems.
- The participation of IT security managers, system integrators, suppliers of industrial control systems, plant engineers, production management and plant operation, industrial safety, specialists in safety instrumented systems and maintenance personnel is recommended; whether they are high or middle management.
Requirements:
Requires having completed and passed the 2160. It is recommended that the professional has knowledge of some of the following:
- International Cybersecurity Standards by industry consensus, ISA/IEC-62443.
- ISO-27000 Corporate Cybersecurity or Information Security Standards.
- Industrial risk management standards such as ISA/IEC-61511, functional safety.
- National regulations and/or standards such as NIST, NERC, and others.
- Experience in corporate project management and cultural change management.
- Other industrial risk management standards (worker safety, environmental safety, etc.)
Deliverables:
Participants will receive through the educational platform the material in digital form, including the following materials.
- Access to course 2161 lessons online.
- Various documents, videos, and supplementary material for participants to deepen.
- Access to the Educational Campus to download supplementary information and software.
Certificates:
A first certificate of knowledge is issued upon completion of course 2161
- Certificate: “Practitioner of Design and Implementation of Cybersecurity in Industrial Systems”
- CRE credits: 1,6
- The certification exam is taken in class at the end of the course. Available in Spanish, Portuguese, and English.
A second certificate of experience is issued after practical implementation in real projects.
- Certificate: “Expert in Design and Implementation of Cybersecurity in Industrial Systems”
- CRE credits: cumulative, depending on the duration of the activities carried out by the practitioner.
- The certificate is issued after a demonstration of practical experience with the active participation of the practitioner in real projects making use of the methodology.
Recognitions:
All participants who meet the course requirements and successfully pass the final exam with a good grade will be awarded a Digital Badge. The Digital Badge certifies that the participant has attended the 2161 training course and has executed the final evaluation test with a good grade, verifying that said participant has assimilated the new knowledge reasonably.
All practitioners who develop and demonstrate active participation in the different activities of the methodology, and who have accumulated a minimum number of hours of attendance in each of the specific activities. They will be eligible to obtain the corresponding certificate of experience. Supervision by a certified project leader is required. Process similar to the hours of an airplane pilot.