Security and Audit Considerations for Industrial Control Systems (ICS) - ASN120

Description

This course is designed to assist auditors, examiners, operational technology and information technology professionals with understanding the essential elements of security for Industrial Control Systems (ICS) including Supervisory Control and Data Acquisition (SCADA). Through improving knowledge in this area, attendees will be better able to understand the risks facing this technology and provide assurances that organizational risks are appropriately mitigated.

ICS represent a growing concern as a cyber threat target. ICS technology often has a long lifespan and the older systems in use today were not designed with cyber threats in mind. As more of these systems become network and internet connected to improve supportability and response, the potential to compromise these systems increases. Typically managed by operational technology staff, the security focus of these systems is availability first, followed by integrity then confidentiality; the reverse order from what information technology security focuses on (confidentiality, integrity then availability.) Furthermore, since availability is the primary concern for these systems, artifacts and evidence of cyberattacks is often erased during the course of restoring system availability leading to a lack of visibility and reporting on this global threat.

Attendees will learn about the similarities and differences between information technology security and operational technology security, best practices for operational technology security and how to develop ICS technology audit programs.

 

Prerequisites: Foundational knowledge of information security and audit for industrial control systems
Advance Preparation: None
Learning Level: Basic
Field: Auditing
Delivery Method: Group-Live

 

What you will learn

1. Introduction to Operational and Information Technologies

• network architectures and components
• similarities and differences
• ICS processes
• ICS communications and data flow

2. Unique Threats to ICS Technologies
• ICS incidents vs. threats
• consequences of ICS incidents
• potential ICS cyber-attack scenarios
• challenges with forensics

3. Case Studies
• real-world examples of ICS “incidents”; cyber or not?

4. ICS Security Frameworks
• Critical Infrastructure Framework (NIST)
• NIST Guide to ICS Security

5. Risks and Risk Management
• ICS vulnerabilities
• best practices in ICS risk assessments

6. Audit Considerations for ICS

Further information

MIS Training Institute
Provider:
MIS Training Institute
Duration:
3 Days
Price:
POA
Availability:
Scheduled dates
Course type:
Classroom
Locations:
Amsterdam, Atlanta, GA, Bandar Seri Begawan, Boston, MA, Burlington, MA, Cape Town, Charlotte, NC, Chicago, IL, Dallas, TX, Denver, CO, Dubai, Dublin, Dublin, OH, Hong Kong, Houston, TX, Las Vegas, NV, London, Manila, New York, NY, Oman, Orlando, FL, Philadelphia, PA, San Diego, CA, San Francisco, CA, Seattle, WA, Singapore, Virtual Training Room Only, Washington, DC

Contact Information

MIS Training Institute

153 Cordaville Road
Suite 200
Southborough
01772 USA

Credentials

Locations