Industrial Cyber Risk Assessment in Zones and Ducts - 2160
Course of Identification and evaluation of industrial cyber risks in zones and conduits (2160).
- USD 800, - per participant.
* In the event that the client requests local invoicing from one of our subsidiaries in South America, the final price for each country may vary depending on local taxes and foreign trade laws in each country. At the time of completing the registration form you have a list of frequently asked questions.
Available on backorder
Develop all the necessary tools to execute the Industrial Cyber Risk Assessment, complying with all the requirements of the ISA / IEC-62443 series of standards with ease, speed and ensuring compliance.
The methodology for assessing cyber risks correctly is essential to make the right decisions with the main objective of creating industrial infrastructure that is resilient to all types of threats, including the most persistent.
The course is developed entirely with the Zones & Conduits Manager system and mainly with the ASSESS Software module, covering 100% the needs of the Industrial Cyber Risk Assessment Phase for existing or new systems.
At the end of the course you will be able to:
- Properly interpret the requirements of the ISA / IEC-62443 series of standards for the Cyber Risk Assessment (ASSESSMENT) phase.
- Develop all these risk assessment activities successfully using a minimum amount of time, devoting most of the value activities.
- Correctly identify the system under consideration whether these existing or future systems begin in engineering stages.
- Participate and / or lead an evaluation of the detailed Cyber Risk based on realistic Consequences.
- Make good decisions in a manner consistent with other industrial risk disciplines.
- Develop a clear and effective action plan for risk reduction according to the risk matrix and the company's risk tolerance.
- Interpret the requirements and understand the necessary activities to be carried out during the Cyber Risk Assessment phase (ASSESSMENT) with Zones & Conduits Manager.
- Configure, install and operate the Zones & Conduits Manager system to:
- Accurately identify the complete list of cyber-assets that make up the system under consideration, including Hardware, Virtual Machines and Software. Including all levels of the PERDUE model and all Cyber-Assets connected to networks and those that are not.
- Configure and use the Midget Inspector to identify inventories of Cyber-Assets in a practical, economical, manual, safe and complete way.
- Install, configure and use the Zone Analyzer to identify and monitor 7x 24 continuously and passively the Industrial Cyber-Assets.
- Install, configure and use the Duct Analyzer to identify and monitor continuously 7 × 24 and passively industrial networks and their protocols.
- Configure and use the ZCM Server to identify vulnerabilities of all Cyber-Assets that are part of the System under Consideration. Including Public Vulnerabilities (existing in global databases), Private (typical of the particular installation of the SuC), and zero day.
- Model the initial Zones and Conduits currently in the System under Consideration (SuC).
- Model the Industrial Cybersecurity risk matrix to be used to calculate the Industrial Cyber Risk in a repeatable and auditable manner.
- Develop an evaluation of maturity in the organization against global best practices, including ISA / IEC-62443 and C2M2 and how to use other models.
- Develop security breach assessments against global best practices, including: ISA / IEC-62443 and others.
- Model the Company's Assets and identify all potential consequences through the hazard identification technique and criticality analysis of all SuC Cyber-Assets.
- Participate and / or conduct a detailed cyber risk assessment according to the methodology for the risk assessment of ISA / IEC-62443.
- Prepare the necessary Recommendations to reach the Tolerable Risk by the organization.
- Prepare the necessary reports with the necessary recommendations at the level of technology, systems, policies, procedures, best practices and until the maturity of the organization.
- Create the Dashboard with the objectives that will be necessary to incorporate in the implementation phase, (IMPLEMENT).
Practical exercises to be done in class:
- Identification of Cyber-Assets using different techniques and tools, automatic and manual.
- Interpret the results of the different results and use to model the SuC in Initial Zones and Conduits. (Existing As-Is).
- Identify Technological Vulnerabilities (CVEs, ..), procedural and administrative using the resources available in the ZCM created for this purpose.
- Interpret the results of an existing HAZOP study to obtain relevant information that will be used in the risk assessment and configuration of the ZCM system.
- Determine the Target Security Level for each Zone and Conduit.
- Detailed Risk Assessment on Zones and Conduits of a system in an example plant to make decisions that serve to mitigate industrial cyber risks.
- Produce a final report with recommendations for improvement to be implemented in the SuC, the plant and the organization.
- Monitor Zones and Conduits continuously to detect changes, intrusions and malware. (This topic is intensively developed in the MAINTAIN course).
- Course Material
- Access to the Educational Campus.
- Supplementary material in digital form available on the academic campus.
Modalities and schedules:
- Face-to-face and / or virtual.
- Duration: 16 total hours.
It has no specific requirements. However, it is recommended that the professional has knowledge of any of the following topics:
- Systems of Supervision and Automation of Industrial Processes.
- Industrial protocols, such as: Modbus, Profibus, Ethernet / IP, OPC or others.
- Instrumented security systems and / or functional safety. ISA84 Committee Rules.
- Experience in plants and industrial processes.
- ANSI / ISA 5.1 Process Symbology Standard
- Standard for information management and industrial data flows ISA95.
- Industrial Cybersecurity Standards published by the ISA99 committee.
- Information cybersecurity (IT) and / or data network domain.
Only logged in customers who have purchased this product may leave a review.