
IACS Cybersecurity Operations & Maintenance (IC37) focuses on the activities associated with the ongoing operations and maintenance of IACS cybersecurity implemented in the Design & Implementation phase. This involves network diagnostics and troubleshooting, security monitoring and incident response, and maintenance of the implemented cybersecurity countermeasures. This phase also includes security management of change, backup and recovery procedures, and periodic cybersecurity audits. IC37 will provide students with the information and skills to detect and troubleshoot potential cybersecurity events as well as the skills to maintain the security level of an operating system throughout its lifecycle despite the challenges of an ever-changing threat environment.
Prerequisite
Successful completion of Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) and passing the ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate exam are mandatory prerequisites for this course.
Who Should Attend IC37?
- Control systems engineers and managers
- System integrators
- IT engineers and managers in industrial facilities
- Plant managers
- Plant safety and risk management personnel
View Offerings by Format
- Classroom (IC37), Length: 3 days
- Virtual Classroom (IC37V), Length: 3 days
- Self-Paced Modular Course (IC37M), Length: 5 Modules
Visit our course formats page for a detailed description of each format.
Learning Objectives
- Perform basic network diagnostics and troubleshooting
- Interpret the results of IACS device diagnostic alarms and event logs
- Implement IACS backup and restoration procedures
- Describe the IACS patch management lifecycle and procedure
- Apply an antivirus management procedure
- Define the basics of:
  - application control and whitelisting tools
  - network and host intrusion detection
  - security incident and event monitoring tools
- Implement an:
  - incident response plan
  - IACS management of change procedure
- Conduct a basic IACS cybersecurity audit
Topics Covered
- Introduction to the ICS Cybersecurity Lifecycle
  - Identification & Assessment phase
  - Design & Implementation phase
  - Operations & Maintenance phase
- Network Diagnostics and Troubleshooting
  - Interpreting device alarms and event logs
  - Early indicators
  - Network intrusion detection systems
  - Network management tools
- Security Monitoring & Detection
  - Interpreting OS and application alarms and event logs
  - Early indicators
  - Application management and whitelisting tools
  - Antivirus and endpoint protection tools
  - Security incident and event monitoring (SIEM) tools
- Security Management & Maintenance
  - Develop and follow an IACS:
    - Management of change procedure
    - Backup procedure
    - Patch management procedure
    - Antivirus management procedure
    - Cybersecurity audit procedure
  - IACS configuration management tools
  - Patch management tools
  - Antivirus and whitelisting tools
  - Auditing tools
- IACS incident response and recovery
  - Develop and follow an IACS incident response plan
  - Incident investigation
  - System recovery
Classroom/Laboratory Exercises
Classroom formats only
- Build the Board
- Allowlisting
- Patch management
- Snort intrusion detection system
- Monitoring
- Troubleshooting
- Incident recovery
- Security Information and Event Management (SIEM)
Modular formats only
- Network diagnostics and troubleshooting
- Intrusion detection alarm
- Event monitoring
- Configuration management
- Patch management
- Anti-virus management
- Whitelisting
- Vulnerability scanning tools
- Incident response
- Backup and recovery
Resources Included*
- ISA-62443-1-1 (99.01.01)-2007, Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
- ISA-62443-2-1 (99.02.01)-2009, Security for Industrial Automation and Control Systems Part 2-1: Establishing an Industrial Automation and Control Systems Security Program
- ANSI/ISA-62443-3-3 (99.03.03)-2013, Security for industrial automation and control systems: System security requirements and security levels