WisePlant – A WiseGroup Company

2133: Vulnerability Analysis and Cyber Risk Assessment in New and Existing Industrial Systems (IC33)

The first phase in the Industrial Systems Cybersecurity Lifecycle (IACS – defined in ISA/IEC-62443-1-1) consists of identifying and documenting industrial assets (IACS) and performing a cybersecurity vulnerability analysis and risk assessment in order to identify and understand high-risk vulnerabilities that require mitigation. By ISA/IEC-62443-2-1 these assessments must be performed on both existing (Brownfield) and new (Greenfield) applications. Part of the assessment process involves developing a zone and conduit model of the systems under consideration, identifying security level objectives, and documenting cybersecurity requirements into a cybersecurity requirements specification (CSRS). This course will provide students with the information and skills needed to assess the cybersecurity of new or existing IACS and develop a specification of cybersecurity requirements that can be used to document the project’s cybersecurity requirements. This training course contains a good number of practical exercises of the laboratory type. In order for participants to take the professional certification exam in the SCANTRON network, they must complete all the exercises and attend 100% of the classes and/or sessions.

You will be in a position to

  • Identify and document the scope of IACSs under evaluation and under consideration
  • Specify, gather, or generate the cybersecurity information necessary to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the product or system under consideration
  • Organize and facilitate a cybersecurity risk assessment for an integrated system
  • Identify and evaluate realistic threat scenarios
  • Identify gaps in existing company policies, procedures and standards
  • Establish and document safety zones and conduits
  • Prepare documentation of the results of the evaluation.

Practical exercises to be done in class

  • Discuss and critique systems architecture and its diagrams
  • Inventory of assets of the systems under consideration
  • Assessment of deficiencies
  • Vulnerability Assessment (Windows)
  • Ethernet traffic capture exercises
  • Port Scanning
  • Using Vulnerability Scanning Tools
  • Conducting a high-level risk assessment
  • Creating a zone and duct diagram
  • Conducting a detailed cyber risk assessment
  • Discuss and critique a specification of cybersecurity requirements


Participants will receive in the class (face-to-face) at home (virtual) access to the following materials. Optional printed material may be provided at an additional cost.

  • Printed course lessons.
  • ISA/IEC-62443 standards used in the course.
  • Educational campus to download complementary information and software.
  • Laboratory workshops.
  • Eligibility to obtain the official certificate. (Requires 100% assistance).


Have completed and passed the IC32 Course. To take certification exam 2 “ISA/IEC 62443 Cybersecurity Risk Assessment Specialist” the participant must have passed the certification exam 1 “ISA/IEC 62443 Cybersecurity Fundamentals Specialist”.

Certification N° 2 “ISA/IEC 62443 Cybersecurity Risk Assessment Specialist”

  • CRE Credits: 2,1
  • CEU Credits: 2.1 (Awarded by ISA)
  • The exam to obtain the professional certification (included in the registration) is taken separately with a maximum period of up to 6 months of completion of the course. At the moment the exam is taken only in English.
  • UPDATED: The professional certification exam is included in the price for a single opportunity. You can add as many opportunities as you need within 6 months of finishing the course, paying the additional Fee of USD 150,- for each new opportunity.


All participants who meet the course requirements and who successfully pass the final exam with a good grade will be awarded a Digital Badge. The digital badge certifies that the participant has attended the 2133 training course and has taken the final evaluation test with a good grade, verifying that said participant has assimilated the new knowledge in a reasonable way. It is required that the participant completes all the requirements of the course to be qualified to take the professional certification exam described below.

Professional Certificate of International Recognition

All participants who have successfully completed 100% of the objectives of the IC33 course will be able to take the ISA/IEC-62443 Cybersecurity Risk Assessment Specialist international validity certification exam in the authorized facilities. Students who have successfully completed the course will have multiple opportunities over a maximum period of 6 months to take the exam and thus obtain their professional certification. The professional certification exam is of the multiple choice type and is developed only in English. Therefore, participants are required to have good command of the written technical English language.

You cannot copy the content of this page!