Course Details

Objective

By the end of the course, participants will be able to understand

• Understand the architecture and components of SCADA, ICS, and OT systems.
• Perform comprehensive audits of OT, SCADA, and ICS environments.
• Identify security risks and vulnerabilities within OT and ICS networks.
• Assess the security of devices, protocols, and communication channels in OT/ICS systems.
• Ensure compliance with industry standards and regulations related to OT security.
• Evaluate the resilience and reliability of OT systems and their defenses.

Content

Day 1: Introduction to OT, SCADA, and ICS

• • Overview of Operational Technology (OT), SCADA, and ICS
  • Key components and architectures of OT/ICS systems
  • Differences between IT and OT/ICS environments
  • Role of OT/ICS in critical infrastructure and industries
  • Common protocols and communication methods in OT/ICS systems

Day 2: Auditing OT/ICS Systems

• • Understanding the audit process for OT/ICS environments
  • Assessing system configurations and security controls
  • Key audit objectives and standards for OT/ICS systems
  • Identifying vulnerabilities and risks in OT/ICS systems
  • Methods for assessing system access and user privileges

Day 3: Security Risks and Threats in OT/ICS

• • Common security vulnerabilities in OT/ICS systems
  • Threat landscape: Insider threats, cyberattacks, and physical security risks
  • Impact of security breaches on OT/ICS operations
  • Evaluating device and network security in OT/ICS environments
  • Identifying and addressing weaknesses in communication protocols

Day 4: Compliance and Regulatory Standards

• • Key regulations and standards for OT/ICS security (NIST, IEC 62443, NERC CIP)
  • Compliance requirements for OT/ICS environments
  • Auditing against industry standards
  • Documentation, reporting, and compliance verification
  • Legal and regulatory considerations in OT security audits

Day 5: Auditing OT/ICS Networks and Controls

• • Auditing network architecture in OT/ICS environments
  • Evaluating perimeter security and network segmentation
  • Auditing access control mechanisms for OT/ICS systems
  • Best practices for securing OT/ICS systems
  • Preparing audit reports and presenting findings
  • Final review and course wrap-up

NOTE:

Pre-& Post Tests will be conducted.

Case Studies, Group Exercises, Group Discussions, Last Day reviews, and assessments will be carried out.

Methodology

A highly interactive combination of lectures and discussion sessions will be managed to maximize the amount and quality of information and knowledge transfer. The sessions will start by raising the most relevant questions and motivating everybody to find the right answers. You will also be encouraged to raise your own questions and to share in the development of the right answers using your own analysis and experiences.  Tests of multiple-choice type will be made available on daily basis to examine the effectiveness of delivering the course.

Very useful Course Materials will be given.

• 30% Lectures
• 30% Workshops and work presentation
• 20% Group Work& Practical Exercises
• 20% Videos& General Discussions