Course Details

Summary

This five-day intensive course enables participants to develop the necessary expertise to plan, design, and implement an effective program to protect SCADA systems. Participants will be able to understand common Industrial Control System (ICS) threats, vulnerabilities, and risks related to ICS systems and how they can be managed. This training focuses on a mix of knowledge and skills related to SCADA/ICS security.

The course has been designed by industry experts with in-depth experience in SCADA and Industrial Control Systems Security. Unlike other certifications, this course focuses specifically on the knowledge and skills needed by a professional looking to advise on, or manage risks related to SCADA environments and systems. Given the high profile nature, and the significant impacts associated with such environments, a holistic professional approach to security is needed and that is exactly what this course is designed to provide.

In addition to presenting the theoretical knowledge needed by a Lead SCADA Security Manager, a comprehensive methodology for the implementation is presented. Thus, at the end of this course, participants will gain knowledge on how to effectively implement a security program for SCADA/ ICS systems.

Who should attend?

• Security professionals wanting to gain lead SCADA security manager skills
• IT staff looking to enhance their technical skills and knowledge
• IT and Risk Managers seeking a more detailed understanding of ICS and SCADA systems
• SCADA system developers
• SCADA Engineers and Operators
• SCADA IT personnel

Learning objectives

• To understand and explain the purpose and risks to SCADA Systems, Distributed Control Systems and Programmable Logic Controllers.
• To understand the risks faced by these environments and the appropriate approaches to manage such risks.
• To develop the expertise to support a pro-active SCADA security program including policies and vulnerability management.
• To define and design network architecture incorporating defense in depth security controls for SCADA.
• To explain the relationship between management, operational and technical controls in a SCADA security program.
• To develop suitable Business Continuity and Disaster Recovery Plans to support the delivery of availability requirements
• To be able to manage a program of effective security testing activities.

Course Agenda

Day 1: Introduction to SCADA and ICS with Fundamental Principles

• Course objective and structure
• Fundamental principles and concepts of SCADA and SCADA Security
• Industrial Control Systems (ICS) characteristics, threats and vulnerabilities

Day 2: Designing a Security Program and Network Security Architecture

• SCADA Security Program, design, development and implementation
• Risk assessment
• Network security architecture for SCADA Systems

Day 3: Implementing ICS Security Controls, Incident Management and Business Continuity

• Development and implementation of security controls for SCADA Systems
• Incident management in relation to SCADA
• Linkage to Business Continuity
• Monitoring, measurement analysis and evaluation of SCADA security

Day 4: Security testing of SCADA systems

• Testing principles
• Legal and ethical issues
• Penetration testing approaches
• Security testing of ICS
• Management of a penetration test
• Documentation of the test, quality review and report
• Maintaining a testing program

Day 5: Certification Exam

Prerequisites

Knowledge of SCADA systems is preferred.

Educational approach

• This training is based on both, theory and practice:
  • Sessions of lectures illustrated with examples based on real cases
  • Practical exercises
  • Review exercises to assist the exam preparation
  • Practice test similar to the certification exam

Examination and Certification

• The “PECB Certified Lead SCADA Security Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  • Domain 1: Fundamental principles and concepts of SCADA and SCADA Security
  • Domain 2: Industrial Control Systems (ICS) characteristics, threats and vulnerabilities
  • Domain 3: Designing and Developing an ICS Security Program based on NIST SP 800-82
  • Domain 4: Network Security Architecture for SCADA Systems
  • Domain 5: Implementation of Security Controls for SCADA Systems
  • Domain 6: Developing Resilient and Robust Systems
  • Domain 7: Security testing of SCADA Systems
• The “PECB Certified Lead SCADA Security Manager” exam is available in different languages ( the complete list of languages can be found in the examination application form)
• Duration: 3 hours
• For more information about the exam, refer to the PECB section on PECB Certified Lead SCADA Security Manager Exam
• After successfully completing the “PECB Certified Lead SCADA Security Manager” exam, participants can apply for the credentials of PECB Certified SCADA Security Manager

General information

• Exam and certification fees are included in the training price
• A student manual containing over 500 pages of information and practical examples will be distributed to the participants
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
• In case of failure of an exam, participants are allowed to retake the exam for free under certain conditions