Course Details

This course is appropriate for a wide range of professionals but not limited to:

• Control Systems Engineers
• Automation Engineers
• Process Engineers
• Industrial IT Professionals
• SCADA/DCS/PLC Technicians
• Cybersecurity Professionals working in industrial environments
• OT (Operational Technology) Security Managers
• Plant Managers and Operations Personnel

• Expert-led sessions with dynamic visual aids
• Comprehensive course manual to support practical application and reinforcement
• Interactive discussions addressing participants’ real-world projects and challenges
• Insightful case studies and proven best practices to enhance learning

By the end of this course, participants will be able to:

• Understand key cybersecurity concepts and their relevance to process control systems.
• Navigate the ISA99 / IEC 62443 standards and apply them to real-world IACS scenarios.
• Identify, assess, and mitigate cybersecurity risks in industrial control environments.
• Implement and manage secure operating procedures and cybersecurity policies.
• Detect and respond to cybersecurity incidents using established methodologies.
• Utilize application diagnostics tools for identifying vulnerabilities and troubleshooting.
• Establish a cybersecurity lifecycle program tailored to IACS environments.

DAY 1

Cybersecurity Fundamentals for Process Control

• Welcome and introduction
• Pre-test
• Introduction to Industrial Cybersecurity
• Differences Between IT and OT Security
• Threat Landscape for Industrial Systems
• Common Vulnerabilities in Process Control Networks
• Basic Concepts: CIA Triad (Confidentiality, Integrity, Availability)
• Security Objectives in Industrial Environments
• Case Study

DAY 2

IACS Cybersecurity Lifecycle and ISA99 / IEC 62443 Framework

• Overview of the IACS Cybersecurity Lifecycle
• Introduction to ISA99 / IEC 62443 Standards
• Key Terminologies and Concepts
• Security Levels and Zones/Conduits Model
• Roles and Responsibilities Across the Lifecycle
• Integration of Cybersecurity into the System Lifecycle (SL-C)
• Hands-on Exercise

DAY 3

Risk Management and Application Security

• Risk Assessment and Threat Modeling for IACS
• Asset Inventory and Vulnerability Assessment
• Security Policies, Risk Acceptance, and Mitigation Strategies
• Secure System Design Principles
• Role of Application Diagnostics in Security Monitoring
• Configuration and Change Management in Control Systems
• Tools and Techniques for Security Health Checks

DAY 4

IACS Cybersecurity Operating Procedures & Troubleshooting

• Developing and Implementing Cybersecurity Procedures
• Network Segmentation and Access Control
• Patch Management and Backup Procedures
• Logging, Monitoring, and Alarm Management for Security
• Troubleshooting Cybersecurity Incidents in IACS
• Hands-on Exercise

DAY 5

Incident Response and Recovery

• Preparing an Incident Response Plan (IRP)
• Identifying and Classifying Security Incidents
• Incident Detection, Reporting, and Investigation Procedures
• Containment, Eradication, and Recovery
• Coordination with IT and External Stakeholders
• Post-Incident Review and Lessons Learned
• Workshop
• Post-test
• Certificate ceremony