Assessing the Cybersecurity of New or Existing IACS Systems (IC33)

Course Details

Course: Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
Length: 3 days
ISA-memberprice: € 1.875,-
Exam: € 200,-
Non ISA-memberprice: € 2.275,-

Exam ISA/IEC 62443 Cyber Security Risk Assesment Specialist;
1 half day
Location: Prometric Testing Center visit

CEU Credits: 2.1
Part of the ISA/IEC 62443 Cybersecurity Certificate Program
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course. The ISA/IEC 62443  Cyber Security Risk Assesment Specialist certificate will be treated as actual for a period of 3 years. After this, you need to retake the exam to extend your certificate.


The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation.  Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).

This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.

The ISA/IEC 62443 CyberSecurity Certificate exam is closed book – no reference material will be allowed in the exam room. A calculator will be provided for you on the computer at the testing center. You will not be able to bring any personal items into the exam room. A secure location will be provided for you to store your belongings while you take the exam, but the space is limited. Report to the testing center 30 minutes prior to your exam time to sign-in and receive testing instructions. You must bring the Prometric confirmation and identification in order to sit for your exam.

The exam is only available electronically through a Prometric testing center. To view the locations that are available in the Prometric network for ISA/IEC 62443 CyberSecurity certificate exams, visit may reschedule your exam only once with no penalty, but you must do so 2 days (48 hours) prior to the exam date in the US and Canada, or 5 days (120 hours) prior to the exam date in all other Prometric locations. A € 150,- reschedule fee will apply if you do not cancel your appointment in advance. You must complete all testing within the eligibility period, or you will have to complete the course again in order to pursue the certificate.

You will be able to:

  • Identify and document the scope of the IACS under assessment
  • Specify, gather or generate the cybersecurity information required to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
  • Organize and facilitate a cybersecurity risk assessment for an IACS
  • Identify and evaluate realistic threat scenarios
  • Identify gaps in existing policies, procedures and standards
  • Establish and document security zones and conduits
  • Prepare documentation of assessment results

Classroom/Laboratory Exercises:

  • Critiquing system architecture diagrams
  • Asset Inventory
  • Gap Assessment
  • Windows Vulnerability Assessment
  • Capturing Ethernet Traffic
  • Port Scanning
  • Using Vulnerability Scanning Tools
  • Perform a high-level risk assessment
  • Creating a zone & conduit diagram
  • Perform a detailed cyber risk assessment
  • Critiquing a cybersecurity requirements specification

Who Should Attend:

  • Control systems engineers and managers
  • System Integrators
  • IT engineers and managers industrial facilities
  • IT corporate/security professionals
  • Plant Safety and Risk Management


This course can be brought to your location. The expert instruction and training materials come to your facility. All you have to do is pick the time and place – we do the rest!
For more information on ISA’s Onsite Training, or for a comprehensive needs analysis, please e-mail us.
For a confidential price estimate on bringing an ISA Europe course to your location, simply complete and submit the Onsite Training Quotation Form.

Courses are taught in English, Dutch, German, French or Spanish. See the specific training to see in which language the course is taught.
Cursussen worden gegeven in het Engels, Nederlands, Duits, Frans of Spaans. Zie de specifieke training om te zien in welke taal de cursus wordt gegeven.
Die Kurse werden in Englisch, Niederländisch, Deutsch, Französisch oder Spanisch angeboten. Auf der jeweiligen Schulungsseite erfahren Sie, in welcher Sprache der Kurs unterrichtet wird.
Los cursos se imparten en inglés, holandés, alemán, francés o español. Consulte la capacitación específica para ver en qué idioma se imparte el curso.
Les cours sont dispensés en anglais, néerlandais, allemand, français ou espagnol. Voir la formation spécifique pour voir dans quelle langue le cours est enseigné.


ISA members: € 1.875,-
Non-ISA members: € 2.275,-  (ISA membership: € 125,-)

Exam: €200,-