Cyber Security acc. to IEC 62443-4 for Components | 7-9 february 2023 | Milan
TÜV Rheinland offers this training within the new TÜV Rheinland Cyber Security Training Program.
Participants have the possibility to obtain an official verification of their expertise in Cyber Security. By continuous participation in this 4 day training and passing a final exam successfully, they will receive a "CySec Specialist (TÜV Rheinland)" certificate.
This certificate states that specific knowledge within the field of Cyber Security in Industrial Application for Component design and development has been achieved.
The training focuses on technical details regarding the development of system components which need to fulfill a Security Level (SL). All requirements of relevant standards to achieve a product with a defined security level, will be introduced and discussed.
Emphasis will also be put on the analysis of weak points, specific security related product development and documentation issues as well as required test or assessment processes.
Contents of this training refer to the international standard IEC 62443. Topics will be explained and discussed on the basis of concrete examples. We recommend to attend the one-day workshop "Cyber Security in Industrial Automation" as preparation for the training.
Target group
Developers, testers, programmers, project managers etc. who are responsible for the development of control systems and network components for industrial automation.
Requirements for the "CySec Specialist (TÜV Rheinland)" Certificate
Participants shall fulfil the following requirements:
A minimum of 3 years experience in the field of safety or security of industrial control systems.
technical degree (Bachelor, Master, Diplom or similar) as engineer, IT specialist or professional, computer scientist, physicist
or
equivalent experience and responsibilities as certified by employer.
(Persons without any experience may attend the training and exam. In case of passing the exam the CySec Specialist (TÜV Rheinland) certificate will be issued as soon as 3 years of required business experience are fulfilled.)
Agenda
DAY1
Security in Industrial Automation and Control Systems (IACS)
- Security Incidents and Lessons Learned
- Status and Future of IACS
- Attackers and their Motivation
Basics of Cyber Security
- Definition of Cyber Security
- Fundamental Security Principles
- Comparison IT-Security / Cyber Security
- Relation between Functional Safety and Cyber Security
- Terms of Cyber Security
- Defense in Depth
Cryptography
- Symmetric / Asymmetric Cryptography
- Hash Function
Cryptanalysis
- Brute-Force Attack
- Analytical Attack
Legal Aspects
- Security Directive for Network and Information Systems
- IT Security Law
Security Level
- Security Zones
- Security Level Capability
- Security Level Vector
DAY2
Security Management Plan
- Development Process
- Configuration Management
- Device Categories
- Process Tailoring
- Product Integrity / Code Signing
- Processes for externally provided components
- Security Related Issue Handling
Security Risk Assessment and Threat Modelling
- STRIDE Model
Secure Software Development Process
- Security Requirements Specification
- How to Specify
- What to Specify
- Software Architecture Design
- Network Design
- Data Resources
- Attack Surfaces
- Interface Description
- Detailed Software Design
- Design Properties / Methods
- Best Design Practices
- Input Validation
- Module Implementation
- Coding Standard
- Static Analysis
- Code Review
- Module Testing
- Equivalence Classes
- Boundary Value Analysis
- Structure Based Testingin Industrial
DAY3
Security Verification and Validation
- Functional Testing
- Threat Mitigation Testing
- Penetration Testing
- Fuzzing
Patch- and Update Management
Security Guidelines
Technical Requirements and Application of IEC 62443-4-2
- Identification and Authentication Control
- Use Control
- System Integrity
- Data Confidentiality
- Restricted Data Flow
- Timely Response To Events
- Resource Availability
DAY4
Exam: duration approx. 3-4 hours.
Date: 7-9 - February 2023
Registration form
Connettiti con noi!
Back to top
