Security management in the SCADA environment
Duration: 4.5 days
This five-day intensive course enables participants to develop the necessary expertise to plan, design, and implement an effective program to protect SCADA systems. Participants will be able to understand common Industrial Control System (ICS) threats, vulnerabilities, and risks related to ICS systems and how they can be managed. This training focuses on a mix of knowledge and skills related to SCADA/ICS security.
The course has been designed by industry experts with in-depth experience in SCADA and Industrial Control Systems Security. Unlike other certifications, this course focuses specifically on the knowledge and skills needed by a professional looking to advise on, or manage risks related to, SCADA environments and systems. Given the high-profile nature of such environments and the significant impacts associated with them, a holistic professional approach to security is needed, and that is exactly what this course is designed to provide.
In addition to the theoretical knowledge needed by a SCADA Security Professional, the course presents a comprehensive methodology for implementation. By the end of the course, participants will know how to effectively implement a security program for SCADA/ICS systems.
- To understand and explain the purpose and risks to SCADA Systems, Distributed Control Systems and Programmable Logic Controllers.
- To understand the risks faced by these environments and the appropriate approaches to manage such risks.
- To develop the expertise to support a pro-active SCADA security program including policies and vulnerability management.
- To define and design network architecture incorporating defense in depth security controls for SCADA.
- To explain the relationship between management, operational and technical controls in a SCADA security program.
- To improve the ability to design resilient high availability SCADA systems.
- To be able to manage a program of effective security testing activities.
Day 1: Introduction to SCADA and ICS with Fundamental Principles
- Course objective and structure
- Fundamental principles and concepts of SCADA and SCADA Security
- Industrial Control Systems (ICS) characteristics, threats and vulnerabilities
Day 2: Designing a Security Program and Network Security Architecture
- SCADA Security Program, design, development and implementation
- Risk assessment
- Network security architecture for SCADA Systems
Day 3: Implementing ICS Security Controls, Incident Management and Business Continuity
- Development and implementation of security controls for SCADA Systems
- Incident management in relation to SCADA
- Business Continuity and Disaster recovery
- Monitoring, measurement, analysis and evaluation of SCADA security
Day 4: Security testing of SCADA systems
- Testing principles
- Legal and ethical issues
- Penetration testing approaches
- Security testing of ICS
- Management of a penetration test
- Documentation of the test, quality review and report
- Maintaining a testing program
Day 5: Certification Exam
Knowledge of SCADA systems is preferred.
This training is based on both theory and practice:
- Sessions of lectures illustrated with examples based on real cases
- Practical exercises
- Review exercises to assist the exam preparation
- Practice test similar to the certification exam
Who should attend?
- Security professionals wanting to gain SCADA security professional skills
- IT staff looking to enhance their technical skills and knowledge
- IT and Risk Managers seeking a more detailed understanding of ICS and SCADA systems
- SCADA system developers
- SCADA Engineers and Operators
- SCADA IT personnel
Examination and Certification
The “PECB Certified Lead SCADA Security Professional” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
- Domain 1: Fundamental principles and concepts of SCADA and SCADA Security
- Domain 2: Industrial Control Systems (ICS) characteristics, threats and vulnerabilities
- Domain 3: Designing and Developing an ICS Security Program based on NIST SP 800-82
- Domain 4: Network Security Architecture for SCADA Systems
- Domain 5: Implementation of Security Controls for SCADA Systems
- Domain 6: Developing Resilient and Robust Systems
- Domain 7: Security testing of SCADA Systems
Duration: 3 hours
After successfully completing the “PECB Certified Lead SCADA Security Professional” exam, participants can apply for the credentials of PECB Certified SCADA Security Professional.
- Exam and certification fees are included in the training price
- A student manual containing over 500 pages of information and practical examples will be distributed to the participants
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of an exam, participants are allowed to retake the exam for free under certain conditions
- To maintain the credentials, an annual maintenance fee (AMF) of $100 per certificate has to be paid.
Maximum number of participants: 10 people
Price: On request
The training is conducted in English.