Governance and Management
of Energy Cybersecurity

By the end of this training course, the participants will be able to:

• Understand the Energy Sector environment and explain its architecture
• List and explain how cybersecurity is applied to critical infrastructures
• List and describe the various cybersecurity management frameworks
• Apply the IEC/ISA CSMS to your organization
• Analyze the guidance on the IEC/ISA CSMS

Participants to this course will receive a thorough training using several techniques that include coverage of material, discussions, breakout exercises, videos, and tests. The hands-on breakout exercises will be performed in groups and will enable participant to apply the material to real world scenarios with active discussions with other members of the group.

The organisation will benefit from understanding the principles of cybersecurity of the Energy Sector with emphasis on the governance and management aspects and how these can be applied.

The organisation will benefit from this training course through:

• Enhancing analytical and problem solving skills
• Learning how to analyze the cybersecurity of Energy and Power infrastructures
• Being able to apply cybersecurity governance and management best practices
• Learning how to perform cybersecurity risk assessment
• Apply cybersecurity management systems
• Developing cybersecurity plans including those for monitoring, event management, and incident response
• Becoming adaptive and improve their cybersecurity while at the same time serve stakeholders and the public at the highest level

The participants will gain or enhance their understanding and application of cybersecurity governance and  management. The training course will be of personal benefit to delegates by enabling them to:

• Understand how attacks happen in an Energy Sector environment
• Understand cybersecurity management frameworks and designing cybersecurity countermeasures
• Develop various cybersecurity plans including information monitoring and incident response
• Apply best practices of cybersecurity governance and management
• Apply methods to perform cybersecurity risk assessment and mitigation
• Recognize the need and benefits of cybersecurity management frameworks
• Understand and apply the IEC/ISA 62443 cybersecurity management system

This training course is intended for people involved in operations, software, services, Energy and Power infrastructure, IT experts, as well as researchers and consultants involved in cybersecurity, management, big data, communications, project management and energy and power plants.

This training course is suitable for a wide range of professionals but will greatly benefit: 

• IT, OT, and Cybersecurity Professionals
• Operators and Professionals in the Energy Sector
• Process control facilities
• Enterprises involved in the design of Energy and Power plants
• Project Managers
• Technology Engineers, Chief Technology Officers (CTOs) and Chief Information Officers (CIOs)
• Strategic Development Personnel
• Operators, Engineers, Managers, and Researchers
• Energy, Power, and Cybersecurity Industry Consultants

DAY ONE: CYBERSECURITY AND THE ENERGY SECTOR 

• Overview of Energy Cybersecurity
• Differences between Governance and Management
• Cybersecurity governance
• Cybersecurity management
• Cybersecurity risk and assessment
• Safety Culture 

DAY TWO: CYBERSECURITY OF CRITICAL INFRASTRUCTURES 

• Industrial Cybersecurity vs IT Cybersecurity
• IACS: Industrial Automation and Control System
• Cyber-physical systems and OT cybersecurity
• Safety critical and Security critical infrastructures
• Cybersecurity risk
• TARA: Threat analysis and risk assessment
• Cybersecurity countermeasures

DAY THREE: CYBERSECURITY MANAGEMENT SYSTEMS 

• Cybersecurity management systems (CSMS)
• Cybersecurity frameworks
• ISO/IEC 27001/2
• NIST Cyber Security Framework (CSF)
• NIST Special Publication (SP) 800-53
• COBIT 5
• HITRUST Common Security Framework (CSF) 

DAY FOUR: IEC/ISA 62443 CYBERSECURITY MANAGEMENT SYSTEM 

• Elements of the IEC/ISA 62443 CSMS
• Risk analysis
• Addressing risk with the IEC/ISA 62443 CSMS
• Selected security countermeasures and implementation
• Monitoring and improving the IEC/ISA 62443 CSMS 

DAY FIVE: GUIDANCE ON IEC/ISA 62443 CSMS 

• Guidance for developing the elements of a CSMS
• Process to develop a CSMS
• Apply the IEC/ISA CSMS
• CSMS Audit Assessments
• CSMS Self-assessment