The first lifecycle phase is identifying and documenting industrial automation and control systems (IACSs), which includes performing cybersecurity vulnerability and risk assessments to identify and understand high-risk vulnerabilities that require mitigation. The second phase reviews the IACS cybersecurity lifecycle, focusing on activities associated with designing and implementing IACS cybersecurity countermeasures. Lastly, the third and final phase addresses the activities related to the ongoing operations and maintenance of IACS cybersecurity.
Note: IC48 includes material from three training courses condensed into a five-day course. This fast-paced training is intended only for those meeting all required prerequisites.
ISA/IEC 62443 Cybersecurity Certificate Program: The program has five certificates. Each of the first four certificates requires successful completion of a course and passing an exam. Certificate One — ISA/IEC 62443 Cybersecurity Fundamentals Specialist is required before taking certificate exams two, three and four.
This fast-track course may be taken in lieu of taking the courses for Certificates 2 to 4 (IC33, IC34 and IC37). Upon successful course completion, you may take each of the certificate exams separately and in any order. Course registration includes one exam for each corresponding course (IC33, IC34, and IC37). You may pay a fee to retest as many times as necessary to pass your certificate exam(s). Your six-month eligibility period begins on the date you complete your certificate course or pass the IC32 exam.
The ISA/IEC 62443 Cybersecurity Expert certificate is awarded automatically upon completing all four certificates. Learn more on our ISA/IEC 62443 Cybersecurity Certificate program webpage.
Required Prerequisites
- ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate*
- Current job must be in the cybersecurity field
- Must have worked in the cybersecurity (or similar) field for the last three years
- Participants must have substantive (technical) knowledge of cybersecurity for IACS
*The ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate is earned by successfully completing ISA's course, Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) and passing the ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate exam. IC32 is offered in multiple formats; visit the course webpage to review course offerings.
Who Should Take IC48?
- Professionals involved in the cybersecurity of industrial automation and control systems (IACS)
- System operators, engineers, IT and OT security personnel, network administrators and professionals responsible for managing or securing IACS environments
- Those in roles related to risk assessment, incident response and compliance within industrial settings
View Offerings by Format
Classroom (IC48)Length: 5 days |
Virtual Classroom (IC48V)Length: 5 days |
Visit our course formats page for a detailed description of each format.
Learning Objectives
- Identify and document the scope of the IACS under assessment
- Specify, gather or generate the cybersecurity information required to perform the assessment
- Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
- Organize and facilitate a cybersecurity risk assessment for an IACS
- Identify and evaluate realistic threat scenarios
- Identify gaps in existing policies, procedures and standards
- Establish and document security zones and conduits
- Prepare documentation of assessment results
- Interpret the results of an industrial control systems (ICS) cybersecurity risk assessment
- Develop a cybersecurity requirements specification (CRS)
- Develop a conceptual design based on information in a well-crafted CRS
- Explain the security development lifecycle process and deliverables
- Perform a basic firewall configuration and commissioning
- Design a secure remote access solution
- Develop system hardening specification
- Implement a basic network intrusion detection system
- Develop a cybersecurity acceptance test plan (CFAT/CSAT)
- Perform a basic CFAT or CSAT
- Perform basic network diagnostics and troubleshooting
- Interpret the results of IACS device diagnostic alarms and event logs
- Implement IACS backup and restoration procedures
- Describe the IACS patch management lifecycle and procedure
- Apply an antivirus management procedure
- Define the basics of application control and whitelisting tools
- Define the basics of network and host intrusion detection
- Define the basics of security incident and event monitoring tools
- Implement an incident response plan
- Implement an IACS management of change procedure
- Conduct a basic IACS cybersecurity audit
Topics Covered
- Introduction to the ICS Cybersecurity Lifecycle
- Identification and assessment phase
- Design and implementation phase
- Operations and maintenance phase
- Preparing for an Assessment
- Cybersecurity vulnerability assessment
- Conducting vulnerability assessments
- Cyber Risk Assessment
- Conducting cyber risk assessments
- Documentation and reporting
- Conceptual Design Process
- Interpreting risk assessment results
- Cybersecurity requirements specifications
- Developing a conceptual design
- Conceptual design specification
- Detailed Design Process
- Security development lifecycle (SDL)
- Types of technology
- Selecting appropriate technology
- Developing a detailed design
- Documenting the design/specification
- Design & Implementation Examples
- Firewall design
- Remote access design
- System hardening design
- Intrusion detection design
- Testing
- Developing test plans
- Cybersecurity factory acceptance testing
- Cybersecurity site acceptance testing
- Network Diagnostics and Troubleshooting
- Interpreting device alarms and event logs
- Early indicators
- Network intrusion detection systems
- Network management tools
- Application Diagnostics and Troubleshooting
- Interpreting OS and application alarms and event logs
- Early indicators
- Application management and whitelisting tools
- Antivirus and endpoint protection tools
- Security incident and event monitoring (SIEM) tools
- IACS Cybersecurity Operating Procedures and Tools
- Developing and following an IACS management of change procedure
- Developing and following an IACS backup procedure
- IACS configuration management tools
- Developing and following an IACS patch management procedure
- Patch management tools
- Developing and following an IACS antivirus management procedure
- Antivirus and whitelisting tools
- Developing and following an IACS cybersecurity audit procedure
- Auditing tools
- IACS Incident Response
- Developing and following an IACS incident response plan
- Incident investigation
- System recovery
Recommended Standards
- ISA-62443-1-1-2007, Security for Industrial automation and control systems – Part 1-1: Terminology, concepts and models
- ISA-62443-2-1 (99.02.01)-2009, Security for industrial automation and control systems – Part 2-1: Establishing an industrial automation and control systems security program
- ISA-62443-3‑2-2020, Security for industrial automation and control systems – Part 3‑2: Security risk assessment for system design
- ISA-62443-3-3 (99.03.03)-2013, ISA-62443-3-3 (99.03.03)-2013, Security for industrial automation and control systems – Part 3-3: System security requirements and security levels
Recommended Prerequisites
- Three to five years of experience in the IT cybersecurity field, with some experience in an industrial (OT) setting
- A minimum of two years of experience in a process control engineering setting
- Prior cybersecurity coursework is preferable
- One or more 3rd-party OT cybersecurity certification(s)
- Familiarity with the ISA/IEC 62443 standards is helpful