•   Assessing the Cybersecurity of New or Existing IACS Systems (IC33)



    Length:  3 days
    CEUs:  2.1
    Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program
    Your course registration includes your registration for the exam.
    Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.

    Looking for the online version of this course?
    View our online resources page for this course and many others.


    The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation.  Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).  

    This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.

    You Will Be Able to:

    • Identify and document the scope of the IACS under assessment
    • Specify, gather or generate the cybersecurity information required to perform the assessment
    • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
    • Organize and facilitate a cybersecurity risk assessment for an IACS
    • Identify and evaluate realistic threat scenarios
    • Identify gaps in existing policies, procedures and standards
    • Establish and document security zones and conduits 
    • Prepare documentation of assessment results

    You Will Cover:

    • Preparing for an Assessment
    • Cybersecurity Vulnerability Assessment
    • Conducting Vulnerability Assessments
    • Cyber Risk Assessments
    • Conducting Cyber Risk Assessments
    • Documentation and Reporting
    • And more...

    Classroom/Laboratory Exercises:

    • Risk Assessment Using CSET
    • Risk Assessment using ISA 62443 Standards
    • Creating Zone & Conduit Diagrams
    • Asset Inventory
    • Windows Vulnerability Scanning
    • Introduction to Pentesting
    • Detailed Risk Assessment

    Who Should Attend:

    • Control systems engineers and managers
    • System Integrators
    • IT engineers and managers industrial facilities
    • IT corporate/security professionals
    • Plant Safety and Risk Management

    Recommended Pre-Requisite:

    ISA Course IC32 or equivalent knowledge/experience.


    For more information:
    Contact us at +1 919-549-8411 or info@isa.org to start your company on the path to well-trained employees.