C06. Cybersecurity Audit Manager in OT Environments Course

Learn the key aspects of the audit process for industrial control systems, which is crucial for improving cybersecurity protection maturity. 
*Special and personalized pricing for CCI members 

Online

4 live sessions

Dates

M21, MT22, W23 and T24 of October 2024

Duration 16h

From 15:00h to 19:00h CET

Exercises

Practical and downloadable

15

Seats

Discover the key aspects of conducting a cybersecurity audit in OT environments.


What will you achieve with this course?

In recent years, we have witnessed a series of incidents related to industrial cybersecurity that have called into question the effectiveness of implementing risk mitigation measures.

However, closer analysis has revealed design or maintenance errors in control models that have allowed some cyberattacks to succeed.

The goal of this course is for students to thoroughly understand the cybersecurity audit process for industrial control systems and to demonstrate its crucial role in improving cybersecurity protection maturity.

What you will learn in this training

  • Industrial cybersecurity risk scenarios
  • Control models for industrial installations
  • Auditor’s role in addressing new threats
  • Methodology in systems auditing
  • Compliance in industrial cybersecurity
  • How to audit cybersecurity in industrial installations
More than 1,500 students trained
Special prices for CCI members
FUNDAE bonus-eligible
CCI Certificate of Participation and Green Level Professional Credential
Handing over valuable JRC publications

Who is it for?

This course is aimed at industrial cybersecurity professionals who want to understand the benefits of auditing to ensure the effectiveness of control models in cybersecurity and learn the process for conducting such audits.

It is also directed at corporate systems auditors who want to gain expertise in auditing industrial systems.

*To get the most benefit from the course, it is recommended that students have basic knowledge of industrial cybersecurity.

Course teaching team

José Valiente
Erik de Pablo Martínez
Ana González
Juan Miguel Pulpillo

Organisations that have entrusted the training of their professionals to the CCI School

LIMITED PLACES

Key training to improve organisations’ OT cybersecurity maturity

Exclusive training!

Frequently asked questions

  • Based on our experience at the JRC, to get the most out of the training it is advisable for the student to have:

    • Basic notions of industrial environments in the electrical sector: automation and industrial communications.
    • Basic knowledge of industrial cybersecurity (cybersecurity in operational technology).

    To facilitate this base, before the start of the course, the JRC will offer access to a virtual and dynamic educational resource. This material aims to provide students with a solid understanding of these fundamental concepts.

    Our ongoing goal is to ensure maximum success for our students and participants.

    • The reason for training in this field lies in the urgent need within the industry for industrial cybersecurity auditors, in order to evaluate or certify the state of industrial facilities in light of the new cybersecurity regulations. The shortage of these professionals is a problem that can only be resolved through specific and rigorous training.
  • INDUSTRIAL CYBERSECURITY RISK SCENARIOS

    THE INDUSTRIAL CONTEXT

    • Processes, people, and technology
    • The industrial automation pyramid
    • The supply chain

    INDUSTRIAL SCENARIOS

    • Electric sector scenario – RECIN
    • Water sector scenario – RECIN
    • Food sector scenario – RECIN
    • RECIN exercise

    CONTROL MODELS FOR INDUSTRIAL FACILITIES

    COMMON CONTROL MODELS (IEC 62443, NIST 800-82, AND NIST CSF)

    • OTHER CONTROL MODELS (CIS, CCI, ISO/IEC 27033, ISO/IEC 27400, ENS)
    • CONTROL MODEL DEPLOYMENT
    • Exercise

    THE AUDITOR’S RESPONSE TO NEW THREATS

    SYSTEMS AUDIT METHODOLOGY

    COBIT 2019 METHODOLOGY

    • SPECIFIC STANDARDS FOR IT SYSTEMS AUDITOR WORK:
      • ISO 15504. Standard for process maturity level evaluation (CMMI)
      • ISO 20000. Family of standards for IT service management (compatible with ITIL)
      • ISO 22301. Standard for business continuity
      • ISO 27000. Family of standards for Information Systems security
      • ISO 31000. Family of standards for risk management
    • THREE LINES OF DEFENSE MODEL
    • Exercise

    INDUSTRIAL CYBERSECURITY COMPLIANCE

    Identifying compliance requirements

    • Identifying applicable regulatory and normative frameworks
    • Identifying industrial cybersecurity compliance obligations
    • Regulatory requirements in cybersecurity
      • Cybersecurity
      • Critical infrastructures
      • Data
      • Machines
    • Regulatory resilience requirements
      • Critical infrastructures
      • Essential services
      • Cyber resilience
    • Obligations of Critical Infrastructures
    • Obligations of the Critical Operator
      • Specific Protection Plan
      • Operator Security Plan

    HOW TO AUDIT CYBERSECURITY IN INDUSTRIAL FACILITIES

    PRE-AUDIT PLANNING WORK AUDIT PLANNING

    • Context, objectives, and final audit scope
    • Approach and method
    • Timeline and team planning
    • Communication plan
    • References and evidence lifecycle
    • Mitigating controls

    AUDIT EXECUTION

    • Preparation meetings with infrastructure managers
    • Evidence collection methodology

    AUDIT COMMUNICATION AND FOLLOW-UP

    • Audit processing and final document preparation
    • Audit presentation
    • Recommendation follow-up cycle
    • Exercise

    INDUSTRIAL CYBERSECURITY RISKS

    • Risk analysis model
    • Industrial cybersecurity risks
  • 15:00h to 19:00h (Spain time – CET)

  • Each student will receive:

    A copy for individual use of the following documents:
    Cybersecurity Audit Guide for Industrial Facilities.
    The presentations used in the course training.
    Documentation with all the details of the audits carried out in the course practices.

  • The training modality is SYNCHRONOUS ONLINE (with free access from any location; you only need a stable internet connection). The sessions will be live via the videoconference system provided by the JRC. These sessions will be recorded and will be available for subsequent viewing by the student for a limited time.

  • The training material, recordings of the sessions and everything shown during the training will be available to the student for a period of 1 calendar month. During this time, the student will be able to enjoy it with total freedom and availability with remote access.

  • At the end of the training and having fulfilled the necessary requirements, you will receive an accreditation certificate from the school certifying your attendance, participation and compliance with the training requirements. The CCI School is an internationally recognised organisation whose training, experience, teaching staff and professional team accredit it.

    Along with the accreditation certificate, you will receive the Green Professional Credential (which is obtained through the student’s knowledge acquired during the training) of our CCI Industrial Cybersecurity Commitment Recognition Programme.

  • Payment must be made by credit/debit card. If you can only pay by bank transfer, please contact us for support in this process at escuela@cci-es.org.

  • Yes, you will be able to subsidise the hours included in this training using your training credit through FUNDAE (State Foundation for Training in Employment).

    The Centro de Ciberseguridad Industrial is not in charge of the management and processing of your bonus, but we will provide you with all the information and documentation you need so that you can do it.

Prices and enrolment conditions

This course has personalised prices for members of the CCI ecosystem, with conditions that give exclusive benefits and price reductions on the School’s training courses.

Non CCI member: 1.400 €
Basic Member: 1.260 €
Professional Member: 1.190 €
Enterprise Member: 1.190 €
Platforms Member: 1.120 €
Subscription Member: 1.050 €

Prices do not include VAT or taxes.

Subsidised by FUNDAE

Join the training that will help you change your professional future
Book your place now!

Only 15 students per edition