ISA/IEC 62443 Cybersecurity Risk Assessment Specialist with official certification (IC33)

The only ISA/IEC 62443 Training with official certification (*)

Course #: IC33 | CEUs: 2.1 | Length: 3 days | Hours: 9:00 – 17:00 | A certificate of completion indicating the total number of CEUs earned will be provided upon successful course completion.

Assessing the Cybersecurity of new or existing IACS systems (IC33) provides the information and skills needed to assess the cybersecurity of a new or existing industrial automation and control system (IACS) and develop a cybersecurity requirements specification (CRS) that can be used to document the project’s cybersecurity requirements.

IC33 focuses on the first phase of the IACS cybersecurity lifecycle, as defined in the ISA/IEC 62443-1-1 standard. Learn to identify and document IACS assets and perform cybersecurity vulnerability and risk assessments to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA/IEC 62443-2-1, these assessments need to be performed on both new (i.e., greenfield) and existing (i.e., brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets and documenting the cybersecurity requirements in a CRS.

This instructor-led training will be in English.

(*) This course is part of the official ISA/IEC 62443 Cybersecurity Certificate Program.

Certificate Program: IC33 is the second course in the ISA/IEC 62443 Cybersecurity Certificate Program. Pass the exam to earn the ISA/IEC 62443 Cybersecurity Risk Assessment Specialist certificate. Course registration includes one exam fee.

Required Prerequisites

Successful completion of Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) and passing the ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate exam are mandatory prerequisites for this course.

Who Should Take IC33?

  • Control systems engineers and managers
  • System integrators
  • IT engineers and managers in industrial facilities
  • Plant managers
  • Plant safety and risk management personnel

Learning Objectives

  • Identify and document the scope of the IACS under assessment
  • Specify, gather, or generate the cybersecurity information required to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
  • Interpret the results of a Process Hazard Analysis (PHA)
  • Organize and facilitate a cybersecurity risk assessment for an IACS
  • Identify and evaluate realistic threat scenarios
  • Identify and assess the effectiveness of existing countermeasures
  • Identify gaps in existing policies, procedures, and standards
  • Evaluate the cost, complexity, and effectiveness of new countermeasures to make meaningful recommendations
  • Establish and document security zones and conduits
  • Develop a Cybersecurity Requirements Specification (CRS)

Topics Covered

  • Preparing for an Assessment
    • Security lifecycle
    • Scope
    • System architecture diagrams
    • Network diagrams
    • Asset inventory
    • Cyber criticality assessment
  • Cybersecurity Vulnerability Assessment
    • Risk
    • Types of cybersecurity vulnerability assessments
    • High-level assessments
    • Passive and active assessments
    • Penetration testing
    • Conducting high-level assessments
    • Assessment tools
    • Cyber Security Evaluation Tool (CSET)
  • Conducting Vulnerability Assessments
    • Vulnerability process
    • Pre-assessment
    • Standards
    • Research
    • Kick off and walk-through
    • Passive data collection
    • Active data collection
    • Penetration testing
  • Cyber Risk Assessments
    • Understanding risk
    • Risk identification, classification, and assessment
    • ISA/IEC 62443-2-1
    • System under Consideration (SuC)
    • Conduct high-level risk assessment
    • Consequence scale
    • Establish zones and conduits
    • Zone and conduit drawings and documentation
    • Document cybersecurity requirements
  • Conducting Cyber Risk Assessments
    • Detailed cyber risk assessment process
    • Threats
    • Vulnerabilities
    • Consequences
    • Likelihood
    • Calculate risk
    • Security levels
    • Countermeasures
    • Residual risk
    • Documentation
  • Critiquing System Architecture Diagrams
    • Asset inventory
    • Gap assessment
    • Windows vulnerability assessment
    • Capturing Ethernet traffic
    • Port scanning
    • Using vulnerability scanning tools
    • Perform a high-level risk assessment
    • Creating a zone and conduit diagram
    • Perform a detailed cyber risk assessment
    • Critiquing a cybersecurity requirements specification
  • Documentation and Reporting
    • Documents to maintain
    • Required reports
    • Zone and conduit diagrams
    • Cybersecurity Requirements Specification (CRS)

Exercises

  • Asset inventory
  • Perform a high-level cybersecurity risk assessment
  • High-level risk assessment using CSET
  • Vulnerability scanning
  • Pentest Windows XP using Kali Linux
  • Creating a zone & conduit diagram
  • Detailed risk assessment

Details

  • Walk in: 08:30
  • Start: 09:00
  • End: 17:00
  • Organizer: Frontdoorsecurity ApS / ISA Denmark Section
  • Venue: Lyngbyvej 2, 2100 Copenhagen Ø