ISA/IEC 62443 Cybersecurity Risk Assessment Specialist (IC33)
Assessing the Cybersecurity of New or Existing IACS Systems (IC33) will provide students with the information and skills to assess the cybersecurity of a new or existing industrial automation control systems (IACS) and to develop a cybersecurity requirements specification (CRS).
IC33 focuses on the first phase of the IACS Cybersecurity Lifecycle, as defined in ISA/IEC 62443-1-1 standard. Students will learn to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA/IEC 62443-2-1, these assessments need to be performed on both new (i.e., greenfield) and existing (i.e., brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements in a CRS.
This course is the second course in the ISA/IEC 62443 Cybersecurity Certificate Program. Successful completion of Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) and passing the ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate exam are mandatory prerequisites for this course.
Course registration includes exam fee. Pass the exams and earn the ISA/IEC 62443 Cybersecurity Risk Assessment Specialist designation. Individuals who successfully achieve Certificates 1, 2, 3 and 4 are automatically designated as an ISA/IEC 62443 Cybersecurity Expert.
| Training Modes Available: | |
| In-Person Classroom | Face-to-face learning in a physical location for hands-on, direct interaction. |
| Virtual Classroom | Live, scheduled sessions conducted via video call with a real-time instructor. |
| Instructor Guided Online | A multi-week program for a group cohort. Includes self-paced modules plus scheduled weekly live group consultations and reviews. Structured like a online group tuition. |
| Self-Paced Modular | 100% On-demand videos and study materials that you complete entirely on your own schedule |
| Training Schedule: | |
| Standard Sessions | 09:00 – 18:00 |
| Evening Sessions (E) | 18:00 – 21:00 |
| Instructor Guided Online (G) | Weekly 2-hour live online sessions (Times as listed in session date) |
| Special Dates (*) | Classes held on Weekends, Public Holidays, or Eve of Public Holidays. |
Price range: $0.00 through $5,536.00pax
Overview
Assessing the Cybersecurity of New or Existing IACS Systems (IC33) will provide students with the information and skills to assess the cybersecurity of a new or existing industrial automation control systems (IACS) and to develop a cybersecurity requirements specification (CRS).
IC33 focuses on the first phase of the IACS Cybersecurity Lifecycle, as defined in ISA/IEC 62443-1-1 standard. Students will learn to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA/IEC 62443-2-1, these assessments need to be performed on both new (i.e., greenfield) and existing (i.e., brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements in a CRS.
This course is the second course in the ISA/IEC 62443 Cybersecurity Certificate Program. Successful completion of Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) and passing the ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate exam are mandatory prerequisites for this course.
Course registration includes exam fee. Pass the exams and earn the ISA/IEC 62443 Cybersecurity Risk Assessment Specialist designation. Individuals who successfully achieve Certificates 1, 2, 3 and 4 are automatically designated as an ISA/IEC 62443 Cybersecurity Expert.
Who Should Attend
- Control systems engineers and managers
- System integrators
- IT Engineers and managers at industrial facilities
- Plant managers
- Plant safety and risk management
Curriculum
- Identify and document the scope of the IACS under assessment
- Specify, gather, or generate the cybersecurity information required to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
- Interpret the results of a Process Hazard Analysis (PHA)
- Organize and facilitate a cybersecurity risk assessment for an IACS
- Identify and evaluate realistic threat scenarios
- Identify and assess the effectiveness of existing countermeasures
- Identify gaps in existing policies, procedures, and standards
- Evaluate the cost, complexity, and effectiveness of new countermeasures to make meaningful recommendations
- Establish and document security zones and conduits
- Develop a Cybersecurity Requirements Specification (CRS)
- Preparing for an Assessment
- Security lifecycle
- Scope
- System architecture diagrams
- Network diagrams
- Asset inventory
- Cyber criticality assessment
- Cybersecurity Vulnerability Assessment
- Risk
- Types of cybersecurity vulnerability assessments
- High-level assessments
- Passive and active assessments
- Penetration testing
- Conducting high-level assessments
- Assessment tools
- Cyber Security Evaluation Tool (CSET)
- Conducting Vulnerability Assessments
- Vulnerability process
- Pre-assessment
- Standards
- Research
- Kick off and walk-through
- Passive data collection
- Active data collection
- Penetration testing
- Cyber Risk Assessments
- Understanding risk
- Risk identification, classification, and assessment
- ISA/IEC 62443-2-1
- System under Consideration (SuC)
- Conduct high-level risk assessment
- Consequence scale
- Establish zones and conduits
- Zone and conduit drawings and documentation
- Document cybersecurity requirements
- Conducting Cyber Risk Assessments
- Detailed cyber risk assessment process
- Threats
- Vulnerabilities
- Consequences
- Likelihood
- Calculate risk
- Security levels
- Countermeasures
- Residual risk
- Documentation
- Critiquing System Architecture Diagrams
- Asset inventory
- Gap assessment
- Windows vulnerability assessment
- Capturing Ethernet traffic
- Port scanning
- Using vulnerability scanning tools
- Perform a high-level risk assessment
- Creating a zone and conduit diagram
- Perform a detailed cyber risk assessment
- Critiquing a cybersecurity requirements specification
- Documentation and Reporting
- Document to maintain
- Required reports
- Zone and conduit diagrams
- Cybersecurity Requirements Specification (CRS)
What you’ll learn
- Identify and document the scope of the IACS under assessment
- Specify, gather or generate the cybersecurity information required to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
- Organize and facilitate a cybersecurity risk assessment for an IACS
- Identify and evaluate realistic threat scenarios
- Identify gaps in existing policies, procedures and standards
- Establish and document security zones and conduits
- Prepare documentation of assessment results
- Interpret the results of an industrial control systems (ICS) cybersecurity risk assessment
- Develop a cybersecurity requirements specification (CRS)
- Develop a conceptual design based on information in a well-crafted CRS
- Explain the security development lifecycle process and deliverables
- Perform a basic firewall configuration and commissioning
- Design a secure remote access solution
- Develop system hardening specification
- Implement a basic network intrusion detection system
- Develop a cybersecurity acceptance test plan (CFAT/CSAT)
- Perform a basic CFAT or CSAT
- Perform basic network diagnostics and troubleshooting
- Interpret the results of IACS device diagnostic alarms and event logs
- Implement IACS backup and restoration procedures
- Describe the IACS patch management lifecycle and procedure
- Apply an antivirus management procedure
- Define the basics of application control and whitelisting tools
- Define the basics of network and host intrusion detection
- Define the basics of security incident and event monitoring tools
- Implement an incident response plan
- Implement an IACS management of change procedure
- Conduct a basic IACS cybersecurity audit
Topics Covered
|
Meet Your trainer
Tony Stark
Tony is a trainer and consultant in Industry 5.0, helping organisations embrace human–machine collaboration, sustainability, and workforce transformation. He delivers practical insights that make innovation accessible and actionable.
FAQ
Read more about it here.
Participants must have ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate (IC32).
Please refer to here for more details.
- You will have a six-month window following the training to complete your online MCQ exam, which is administered by an external third party.
- All sessions are led by ISA-authorized trainers, bringing world-class International Society of Automation standards directly to your learning experience.
- Training location is at a Paya Lebar area, with easy access to MRT and a wide range of food options. Tea break and lunch are not provided.
- A comprehensive Welcome Kit will be sent to you via email prior to the course start date. This includes the venue location, travel directions, safety guidelines, and trainer profiles. Any further questions can be addressed directly with the trainer during the sessions.
We recommend you to take one of out introduction courses here. Do reach out to us if you need a course consultation.
Please bring an official photo ID for exam verification, and a personal laptop (avoid company-issued devices due to potential security restrictions).
You will receive two levels of recognition:
Alvernex Certificate of Completion: Awarded immediately to recognize your training hours and participation.
ISA/IEC 62443 Cybersecurity Certificates: Upon passing the third-party exams, you will earn this prestigious, globally recognized credential. It is the definitive proof of your competency and is publicly searchable on the official ISA registry here.
We are committed to your long-term success. As an Alumnus, you gain access to:
Complimentary Coaching: A one-hour session for career strategy or to experience professional coaching firsthand.
Exclusive Community: Access to our private Telegram group for the latest technical news, job leads, and industry networking opportunities.
There is no funding available at the moment, however, we are working towards being a SSG recognised RTP. Register your interest and we will notify you should this course be eligible for funding.
Some credit card offers interest-free instalment plans. Please check with your credit card company if there are additional fees.
Should the class be unable to meet the minimum class size of 8 pax, we will place you in the rescheduled class. We will inform you latest two weeks before the scheduled date.
For refunds, please see our Cancellation Policy here.
Alternatively, replacement attendees are permitted, provided they meet the specific prerequisites for the course. Replacement requests must be submitted at least 5 business days before the class commence.
A administrative fee of 10% of course fee applies.
Please refer to our policy page here.