This Governance and Management of Energy Cybersecurity training course covers the activities involved in planning, evaluating, running, and monitoring the security of your energy assets. Cyberspace and all it entails, including the Energy Sector, is no longer the same due to the threat of cybersecurity breaches. These cybersecurity violations have demonstrated that no system, no matter how carefully designed, is secure. The scale, significance, and damage of such incidents are vast.
By attending this training course, you will gain a deep understanding of the crucial steps required to plan and manage the protection and defense of your energy and power plants from cyberattacks. The major cybersecurity incidents and breaches clearly indicate that critical infrastructures in the energy sector are more vulnerable than ever. Protecting cyber-physical systems in the Energy Sector requires proper cybersecurity governance and management best practices.
By the end of this training course, the participants will be able to:
- Understand the Energy Sector environment and explain its architecture
- List and explain how cybersecurity is applied to critical infrastructures
- List and describe the various cybersecurity management frameworks
- Apply the IEC/ISA CSMS to your organization
- Analyze the guidance on the IEC/ISA CSMS
Participants in this course will receive thorough training using several techniques, including coverage of material, discussions, breakout exercises, videos, and tests. The hands-on breakout exercises will be performed in groups and will enable participants to apply the material to real-world scenarios through active discussion with other members of the group.
The organisation will benefit from understanding the principles of cybersecurity of the Energy Sector with emphasis on the governance and management aspects and how these can be applied.
The organisation will benefit from this training course through:
- Enhancing analytical and problem-solving skills
- Learning how to analyze the cybersecurity of Energy and Power infrastructures
- Being able to apply cybersecurity governance and management best practices
- Learning how to perform cybersecurity risk assessment
- Applying cybersecurity management systems
- Developing cybersecurity plans including those for monitoring, event management, and incident response
- Becoming adaptive and improving their cybersecurity while at the same time serving stakeholders and the public at the highest level
The participants will gain or enhance their understanding and application of cybersecurity governance and management. The training course will be of personal benefit to delegates by enabling them to:
- Understand how attacks happen in an Energy Sector environment
- Understand cybersecurity management frameworks and the design of cybersecurity countermeasures
- Develop various cybersecurity plans including information monitoring and incident response
- Apply best practices of cybersecurity governance and management
- Apply methods to perform cybersecurity risk assessment and mitigation
- Recognize the need and benefits of cybersecurity management frameworks
- Understand and apply the IEC/ISA 62443 cybersecurity management system
This training course is intended for people involved in operations, software, services, Energy and Power infrastructure, IT experts, as well as researchers and consultants involved in cybersecurity, management, big data, communications, project management and energy and power plants.
This training course is suitable for a wide range of professionals but will greatly benefit:
- IT, OT, and Cybersecurity Professionals
- Operators and Professionals in the Energy Sector
- Process control facilities
- Enterprises involved in the design of Energy and Power plants
- Project Managers
- Technology Engineers, Chief Technology Officers (CTOs) and Chief Information Officers (CIOs)
- Strategic Development Personnel
- Operators, Engineers, Managers, and Researchers
- Energy, Power, and Cybersecurity Industry Consultants
DAY ONE: CYBERSECURITY AND THE ENERGY SECTOR
- Overview of Energy Cybersecurity
- Differences between Governance and Management
- Cybersecurity governance
- Cybersecurity management
- Cybersecurity risk and assessment
- Safety Culture
DAY TWO: CYBERSECURITY OF CRITICAL INFRASTRUCTURES
- Industrial Cybersecurity vs IT Cybersecurity
- IACS: Industrial Automation and Control System
- Cyber-physical systems and OT cybersecurity
- Safety critical and Security critical infrastructures
- Cybersecurity risk
- TARA: Threat analysis and risk assessment
- Cybersecurity countermeasures
DAY THREE: CYBERSECURITY MANAGEMENT SYSTEMS
- Cybersecurity management systems (CSMS)
- Cybersecurity frameworks
- ISO/IEC 27001/2
- NIST Cyber Security Framework (CSF)
- NIST Special Publication (SP) 800-53
- COBIT 5
- HITRUST Common Security Framework (CSF)
DAY FOUR: IEC/ISA 62443 CYBERSECURITY MANAGEMENT SYSTEM
- Elements of the IEC/ISA 62443 CSMS
- Risk analysis
- Addressing risk with the IEC/ISA 62443 CSMS
- Selected security countermeasures and implementation
- Monitoring and improving the IEC/ISA 62443 CSMS
DAY FIVE: GUIDANCE ON IEC/ISA 62443 CSMS
- Guidance for developing the elements of a CSMS
- Process to develop a CSMS
- Apply the IEC/ISA CSMS
- CSMS Audit Assessments
- CSMS Self-assessment