The second phase of the Industrial Automation and Control Systems (IACS) Cybersecurity Lifecycle, defined in ISA/IEC-62443-1-1, focuses on the activities associated with the design and implementation of cybersecurity countermeasures. This involves selecting appropriate countermeasures based on their security-level capability and on the nature of the threats and vulnerabilities identified in the assessment phase. This phase also includes cybersecurity acceptance testing of the integrated solution, in order to validate that the countermeasures are implemented correctly and that the industrial system under consideration has reached the required security level. This course will provide students with the information and skills to select and apply cybersecurity countermeasures for new or existing industrial systems (IACS) in order to achieve the security level required and assigned to each zone and conduit. In addition, participants will learn how to develop and execute test plans to verify that the cybersecurity of the integrated solution adequately meets the objectives of the cybersecurity requirements specification.
You will be able to:
- Interpret the results of an ICS cybersecurity risk assessment
- Develop a Cybersecurity Requirements Specification (CSRS)
- Develop a conceptual design based on the information in a well-crafted CSRS
- Explain the security development lifecycle process and outcomes
- Perform a basic firewall configuration and commissioning
- Design a secure remote access solution
- Develop system hardening specifications
- Implement a basic network intrusion detection system
- Develop a Cybersecurity Acceptance Test Plan (CFAT/CSAT)
- Perform a basic CFAT or CSAT
The following topics will be covered:
- Introduction to the ICS Cybersecurity Lifecycle
- Assessment phase
- Implementation phase
- Maintenance phase
- Conceptual design process
- Interpretation of risk assessment results
- Cybersecurity Requirements Specifications
- Developing a conceptual design
- Conceptual Design Specification
- Detailed design process
- Security Development Lifecycle (SDL)
- Types of technology
- Selecting the appropriate technology
- Developing a detailed design
- Document the design/specification
- Design and implementation examples
- Firewall design example
- Remote Access Design Example
- System hardening design example
- Intrusion detection design example
- Developing test plans
- Cybersecurity factory acceptance testing (CFAT)
- Cybersecurity site acceptance testing (CSAT)
Practical exercises to be done in class:
- Develop a physical security and cybersecurity plan
- Configure an Edge Firewall
- Configure an ICS Firewall
- Install and use Snort
- Configure Windows Local Group Policy Objects
- Install MS Security Compliance Manager (SCM)
- ICS Device Hardening Behavior
- Network hardening behavior
- Use a domain controller
- Set up a VPN connection
- Security Configuration Audit
- Perform a system robustness test
Participants will receive, in class (face-to-face) or at home (virtual), access to the following materials. Optional printed material may be provided at an additional cost.
- Printed course lessons.
- ISA/IEC-62443 standards used in the course.
- Access to the educational campus to download complementary information and software.
- Laboratory workshops.
- Eligibility to obtain the official certificate (requires 100% attendance).
- Have completed and passed the IC32 Course.
To take certification exam 3, “ISA/IEC-62443 Cybersecurity Design Specialist”, the participant must have passed certification exam 2, “ISA/IEC-62443 Cybersecurity Risk Assessment Specialist”.
Certification N° 3 “ISA/IEC-62443 Cybersecurity Design Specialist”
- CRE Credits: 2.1
- CEU Credits: 2.1 (Awarded by ISA)
- The exam to obtain the professional certification is taken separately, within a maximum period of 6 months after completion of the course. At the moment the exam is offered only in English.
- UPDATED: The SCANTRON professional certification exam is included in the price for a single attempt. You can add as many attempts as you need within 6 months of finishing the course by paying an additional fee of USD 150,- for each new attempt.
All participants who meet the course requirements and who successfully pass the final exam with a good grade will be awarded a Digital Badge. The digital badge certifies that the participant has attended the 2134 training course and has taken the final evaluation test with a good grade, verifying that said participant has assimilated the new knowledge in a reasonable way.
Professional certificate of international recognition
All participants who have successfully completed 100% of the objectives of the IC34 course will be able to take the internationally valid IC34 CyberSecurity Design Specialist certification exam at authorized facilities. Students who have successfully completed the course will have multiple opportunities over a maximum period of 6 months to take the exam and thus obtain their professional certification. The professional certification exam is multiple choice and is offered only in English. Participants are therefore required to have a good command of written technical English.