The third phase in the Cybersecurity in Industrial Systems (IACS ) lifecycle – defined in ISA/IEC-62443-1-1) focuses on activities associated with ongoing operations and the maintenance of Cybersecurity. This involves performing diagnostics and troubleshooting, monitoring security, responding to incidents, and maintaining the cybersecurity countermeasures implemented in the design and implementation phase. This phase also includes security management of recovery, backup and cyber security procedures and periodic audits. This course will provide students with the information and skills to detect and troubleshoot cybersecurity issues in the face of potential events, as well as the skills to maintain the level of security of an operating system throughout its lifecycle despite the challenges of a changing environment with all its threats.
You will be able to:
- Perform diagnostics and solution of basic problems of industrial networks
- Interpret device results as diagnostic alarms and event logs
- Implement backup and restore procedures for industrial systems
- Describe the IACSs lifecycle and patch and update management procedure
- Apply an antivirus management procedure
- Define the basics of controlling applications and tools by whitelisting
- Define the basics of the network and HOST for intrusion detection
- Define security incident basics and event monitoring tools
- Implement an incident response plan
- Implement a management of the IACS change procedure
- Perform a basic computer security audit in Sistemas Industriales IACS
The following topics will be covered:
- Introduction to the ICS Cybersecurity Lifecycle
- Identification and evaluation phase
- Phase Design and Implementation
- Operations and Maintenance Phase
- Network diagnostics and troubleshooting
- Interpretation of device alarms and event logs
- The first indicators
- network intrusion detection systems
- network management tools
- Application diagnostics and troubleshooting
- Interpretation of OS alarms, applications, and event logs
- The first indicators
- managing applications and whitelisting tools
- Antivirus and endpoint protection tools
- Security Incidents and Event Monitoring (SIEM) tools
- Procedures and tools for the operation of the IACS Cybersecurity
- Development and monitoring of a management of the IACS change procedure
- Development and follow-up of an IACS backup procedure
- IACS Configuration Management Tools
- Development and monitoring of an IACS patch management procedure
- patch management tools
- Development and monitoring of an IACS antivirus management procedure
- Antivirus and whitelist tools
- Development and follow-up of a cybersecurity audit procedure of the IACS
- audit tools
- IACS Incident Response
- Development and follow-up of an IACS incident response plan
- Investigation of the incident
- System Recovery
Practical exercises to be done in class:
- Asset inventory
- ICS Device Hardening
- Disabling USB storage devices
- Restrict access to USB drives
- Application Control / Whitelisting
- Microsoft Windows Software Update Services (WSUS)
- PLC backup and configuration management
- Change Management (MOC form)
- Event detection tracking and vulnerability scanning log monitoring
- Capture packet network analysis
- Troubleshooting and Forensics.
Participants will receive in the class (face-to-face) at home (virtual) access to the following materials. Optional printed material may be provided at an additional cost.
- Printed course lessons.
- ISA/IEC-62443 standards used in the course.
- Educational campus to download complementary information and software.
- Laboratory workshops.
- Eligibility to obtain the official certificate. (Requires 100% assistance).
- Have taken and passed the IC32, TS06, TS12 and TS20 Courses.
To take Certification Exam 4 “ISA/IEC-62443 Cybersecurity Maintenance Specialist” the participant must have passed Certification Exam 3 “ISA/IEC-62443 Cybersecurity Design Specialist”.
Certification N° 4 “ISA/IEC-62443 Cybersecurity Maintenance Specialist”
- CRE Credits: 2,1
- CEU Credits: 2.1 (Awarded by ISA)
- The Exam to obtain the professional certification is taken separately with a maximum period of up to 6 months of completion of the course. At the moment the exam is taken only in English Language.
- UPDATED: The professional certification exam is included in the price for a single opportunity. You can add as many opportunities as you need within 6 months of finishing the course, paying the additional Fee of USD 150,- for each new opportunity.
All participants who meet the course requirements and who successfully pass the final exam with a good grade will be awarded a Digital Badge. The digital badge certifies that the participant has attended the 2137 training course and has taken the final evaluation test with a good grade, verifying that said participant has assimilated the new knowledge in a reasonable way.
Professional certificate of international recognition
All participants who have successfully completed 100% of the objectives of the IC37 course will be able to take the IC37 CyberSecurity Maintenance Specialist international validity certification exam at the scanTRON authorized facilities. Students who have successfully completed the course will have multiple opportunities over a maximum period of 6 months to take the exam and thus obtain their professional certification. The professional certification exam is of the multiple choice type and is developed only in English. Therefore, participants are required to have good command of the written technical English language.