IC32 Using the ANSI/ISA-62443 Standards to Secure Your Control System
Learn how the ANSI/ISA99 standards can be used to protect your critical control systems
The move to using open standards such as Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has begun to expose these systems to the same cyberattacks that have wreaked so much havoc on corporate information systems. This course provides a detailed look at how the ANSI/ISA99 standards can be used to protect your critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.
You will be able to:
Discuss the principles behind creating an effective long term program security
Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
Define the basics of risk and vulnerability analysis methodologies
Describe the principles of security policy development
Explain the concepts of defense in depth and zone/conduit models of security
Analyze the current trends in industrial security incidents and methods hackers use to attack a system
Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks
You will cover:
Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
Creating A Security Program: Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
Risk Analysis: Business Rationale | Risk Identification, Classification, and Assessment
Addressing Risk with Security Policy, Organization, and Awareness: CSMS Scope | Organizational Security | Staff Training and Security Awareness
Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
Learn how to use built in Windows Operating System (OS) command line prompts to enumerate and understand a network
Introduce the use of port scanning utilities to identify open ports, running services, OS, and other attributes of a network connected device
Investigate the use of packet capturing tools to display and analyze network traffic
Apply a free windows baseline security analyzer tool from Microsoft
Includes ISA Standards:
ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels
There are no required prerequisites for taking this course; however, it is highly recommended that applicants have at least one to three years of experience in the cybersecurity field with some experience in an industrial setting.
🏢 Onsite, Instructor-Led
No dates scheduled?
Can't make dates shown?
Let us know and we will keep you updated as more courses are scheduled.