Cyber Security Risk Management Training Course

=Method offers the Cyber Security Risk Management training course for those responsible for the security of industrial automation, control and safety systems – known as “operational technology” (OT) to differentiate it from “information technology” (IT). The course recognises that the optimum approach to security in OT may be quite different to what would be considered good practice in an IT environment.

The overall goal of the training is to provide individuals responsible for OT security on industrial sites with sufficient knowledge that they can understand their obligations for legal and regulatory compliance, develop procedures and policies to achieve such compliance, identify and commission competent 3rd party suppliers to carry out necessary tasks and otherwise manage the sites approach to OT security.

The course content is designed to explain the requirements of the various international standards for security and is developed to specifically address the guidance developed by the UK Health and Safety Executive on industrial security.

The course is presented over 3 days, with 2 days of conventional classroom training and the 3rd day comprising a structured role-play exercise (managing a cyber security attack), a review of the learning points highlighted by the role play and a short multiple-choice examination. Satisfying the requirements of the CSComp Cyber Security Management course depends on satisfactory performance in the role play exercise and the examination.

Course Content

Context and Background
- Business, legal and regulatory context for OT security
- Vulnerabilities in OT systems
- Threats – understanding their nature and scale
- Relationship and conflicts between safety and security
- Relationship between IT and OT
Concepts and Guiding Principles for Cyber Security
- The PROTECT > DETECT > RESPOND cycle
- Security measures involving people, processes and technology
- Providing defence in depth
- A graded approach to security measures
- Zones and conduits
- Policy and documentation
First steps in addressing OT cyber security threats
- Business context
- Initial risk assessment and quick security wins
Policy and governance of OT cyber security (management systems)
- Cyber security policy
- Defensive architectures
- Management systems and the cyber security lifecycle
- Methods for cyber security risk management
Data to manage cyber security risk
- Process dependencies
- ProcAsset register
Cyber security risk assessment
- Facility level risk assessment
- System level risk assessment
Implementing and verifying cyber security measures
- Implement and verify counter measures
- Validate, audit, monitor and report
- Prepare (and exercise) incident response measures
Case study
- A case study to reinforce the learning points from Days 1 and 2.

Who should attend

Engineers and professionals who require a broad level of knowledge and may be responsible for OT cyber security, its principles and methods, within their workplace.

Pre-qualification

There are no formal pre-requisites to start the training course - we assume no prior knowledge, but of course experience of cyber security and control and safety instrumentation in general is advantageous.

To complete the course, you must attend the training and demonstrate relevant knowledge during the case study.

After this training course you will be able to

Communicate the essential elements of OT cyber security to your colleagues, management and peers in industry

Apply appropriate cyber security risk management
Understand and play a role in cyber security risk assessment analysis
Determine which assets require protection and identify suitable counter measures

What you will get

All delegates receive:

The course material in printed format
A Certificate of Attendance and upon successful completion of the exercise and examination a CSComp Cyber Security Management Certificate

Course Enquiries

If this course is of interest we would welcome your enquiry to understand your requirements more fully or you can reserve a place on one of our courses.