The use of open standards such as Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and production process control networks has begun to expose these systems to the same cyberattacks that have wreaked so much havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC-62443 standards can be used to protect your critical control systems. It also explores the procedural and technical differences between traditional security for IT environments and the solutions appropriate for SCADA or plant floor environments. Obtain the Professional Certification of International Validity “Industrial CyberSecurity Fundamentals Specialist” of ISA99. This is the first stage in the ISA/IEC-62443 Series Professional Certification Program.
At the end of the course you will be able to:
- Discuss the principles behind a long-term Industrial Cybersecurity Program.
- Interpret the ISA/IEC-62443 Cybersecurity Guidelines and apply them in your operation.
- Define the fundamentals of risk and methodologies for vulnerability analysis.
- Describe the principles for developing security policies.
- Explain defense-in-depth concepts and zone/conduit models of security.
- Analyze current trends in industrial security incidents and the methods hackers use to attack a system.
- Define the principles behind key risk mitigation techniques: antivirus and patch updates, firewalls, and virtual private networks.
The course covers the following topics:
- Understanding the current industrial safety environment: What is electronic security for industrial control and automation systems? What do IT and industrial systems have in common, and how do they differ?
- How Do Cyber-Attacks Happen?: Understanding the attack vectors and the steps to a successful attack.
- Creating an Industrial Cybersecurity Program: critical success factors and a complete understanding of the ISA/IEC-62443-2-1 standard (ANSI/ISA.99.02.01-2009).
- Risk Analysis: business rationale, risk identification, classification and security audit. DNSAM methodology.
- Study of the level of risk with security, organization and awareness policies: CSMS scope, organizational security, staff training and awareness.
- Study of the level of risk with the selected remediation measures: personnel security, physical and environmental security, network segmentation and access control.
- Reaching the level of risk with the implementation of measures: risk management and implementation, system development and maintenance, documentation and information management.
- Monitoring and Improvement of the CSMS: compliance and review to improve and maintain the CSMS.
Practical exercises to be done in class:
- Development of business cases for Industrial Cybersecurity.
- Examples and case studies demonstrated by the instructor.
- This course has no practical laboratory exercises.
Participants will receive, in class (face-to-face) or at home (virtual), access to the following materials. Optional printed material may be provided at an additional cost.
- Printed course lessons.
- ISA/IEC-62443 standards used in the course.
- Educational campus to download complementary information and software.
- Eligibility to obtain the official certificate (requires 100% attendance).
Certificate N° 1: Specialist in Fundamentals of Industrial Cybersecurity
- CEU Credits: 1.4
- The exam to obtain the professional certification is taken separately, within a maximum period of 6 months after completion of the course. At the moment the exam is offered only in English.
- UPDATED: The professional certification exam is included in the price for a single attempt. You can add as many attempts as you need within 6 months of completing the course, paying an additional fee of USD 150 for each new attempt.
All participants who meet the course requirements and pass the final exam with a good grade will be awarded a Digital Badge. The Digital Badge certifies that the participant has attended the 2132 training course and has passed the final evaluation test with a good grade, verifying that the participant has assimilated the new knowledge in a reasonable way. The participant must complete all the requirements of the course to qualify for the professional certification exam described below.
Professional certificate of international recognition
All participants who have successfully completed 100% of the objectives of the IC32 course will be able to take the IC32 CyberSecurity Fundamentals Specialist international validity certification exam at the authorized offices of ISA. Students who have successfully completed the course will be able to take the exam as many times as they need during a maximum period of 6 months and thus obtain their professional certification. The professional certification exam is multiple choice and is given only in English. Participants are therefore required to have a good command of written technical English.