Loading...

Please Wait...

 

Course Description

Many companies have conducted security vulnerability analyses (SVAs) to evaluate the risks of physical attacks on their facilities and many have been hardened since September 11, 2001. However, the importance of cyber security for manufacturing and computer control systems has only recently been recognized and therefore has not yet been addressed by most industrial companies. Appropriate security measures must be taken to avoid events which could have impacts as tragic as those of September 11, 2001. Lesser cyber attacks have already occurred. Action is needed now to deal with this threat. Companies must conduct cyber security vulnerability analyse (CSVAs) to identify threats to their computer control systems, determine if vulnerabilities are present, and evaluate existing countermeasures to determine if they need to be strengthened or new ones implemented.

This course provides step-by-step instruction in the use of scenario-based, asset-based and sneak-path CSVA methods. Preparation, organization, recording, conducting, reporting, and follow-up of CSVA studies are covered. Attendees will apply CSVA techniques in workshop sessions.

These methods can be used to conduct stand-alone CSVAs, CSVAs as adjuncts to existing physical SVAs, or combined physical and cyber SVAs. They can be used to address cyber (and physical security) not only for manufacturing and control systems but also for IT computer systems used in business management and computer systems used in the value chain (encompassing activities associated with the design, procurement, manufacturing, marketing, distribution, transportation, customer support, use, recycle and disposal of products).

Objective

  • Understand how to perform target and threatanalysis
  • Know how to screen facilities for vulnerabilityanalysis.
  • Be able to participate in or lead CSVA studies.

Target Audience

Individuals who will participate in or lead cyber security vulnerability analyses.

Prerequisite

Familiarity with computer networks and control systems. Knowledge of cyber security. Completion of Primatech's training course, "Understanding and Applying Cyber Security for Manufacturing and Computer Control Systems", meets the prerequisites.

Course Contents

  • Overview
  • Target analysis
  • Threat analysis
  • Risk-based prioritization (facility screening)
  • Preparing and organizing for CSVA
  • Subdividing the system
  • Recording studies
  • Vulnerability analysis methods
  • First CSVA session
  • Vulnerabilities
  • Consequences
  • Countermeasures
  • Risk ranking
  • Recommendations
  • Evaluating countermeasures
  • Reporting
  • Follow-up

Duration / CEUs

  • Two days
  • 1.4 CEUs or 14 PDHs awarded

Tuition

All Courses