SE001 – Siker eLearning

Created with the latest technology, Siker eLearning courses will guide you confidently through OT/IACS cyber security. The script and graphics can be changed to suit your organisation's requirements.

Modules can be purchased individually or as a package.

Module 1: Foundations

Lesson 1: Governance:
Regulations:
o UK HSE.
o Why secure technology.
o NCSC overview.
o Networking regulations.

Lesson 2: Foundation Concepts:
Concepts:
o Drivers of security.
Risk:
o What is risk?
o Risk terms.
o Describe the assessment method for risk.
Defensive measures:
o Defence in Depth, plus other concepts.
o Good behaviours of staff.
o Asset management, plus asset registers.

Lesson 3: Security Concepts:
Basics:
o What are the threat sources?
o What are the threat causes?
o Using vulnerability and threat information for good.
Malicious Actions:
o Possible outcomes.
o Overview of different access methods.

Module 2: Networking and Network Security in IACS

Lesson 1: Networking in IACS:
Devices:
o Purdue model.
o Network Interface Controllers.
o Switches and switching.
o Routing and routers.
Data flow control:
o OSI model.
o ICMP overview.
o ARP overview.

Lesson 2: Network Security Monitoring:
Protective technology:
o Firewalls.
o Intrusion detection/Intrusion prevention systems.
Monitoring:
o Monitoring methods.
Malicious activities:
o Describing network level attacks.

Lesson 3: Architecture:
Example architecture:
Resilience:
o Hardware configurations.
o Roll-back and taking backups.
o Preparation and planning, plus exercising.
o Managing spares.
Use of IT in OT:
o IT devices.
o IT comms and protocols.
o Industrial comms over Ethernet.
o Misuse.

Module 3: Endpoint Security in ICS

Lesson 1: Industrial Endpoints:
Types:
o Hardware types.
o OS types.

Lesson 2: Access Control:
Access control:
o Physical security.
o Access accounts.
o Remote access.
User access control:
o User authentication.
o Application user authentication.
o Local and group policies.
o Application user rights.
Endpoint hardening:
o Software removal.
o Time sync.
o Hardware disabling and removal.
o PLC hardening.
o Active protection.
Wireless comms in OT:
o WiFi.
o Bluetooth.
o HART.
o ISA100/WiHART (802.14).

Lesson 3: Preventive actions:
Patching and patch management:
o Drivers.
o Patch types.
o Change control.
o Patch sourcing and security.
o Patch installation.
Malicious device prevention:
o Physical measures.
System configuration management:
o Monitoring.
o Audits.
o Business continuity planning.
Management of change:
o Third party management.
o Planning of work.

Module 4: Incident Response

Lesson 1: Incident Response:
Prepare:
o People and relationships.
o Policies and procedures.
o Support access.
o Business continuity planning.
o Assuring control actions.
Identify:
o Initial triage – is this an incident?
o Backups.
o Evidence gathering.
Containment:
o Risk assessments.
o Managing the spread.
Eradication:
o Removing malware.
o Preventing access.
o Patching and updating.
Recovering:
o Verification.
o Implement further protections.
o Offline analysis.
o Asking for help.
Lessons learned:
o Incident review.

Our eLearning production service includes the following:

  • Apply changes to script and storyboard
  • Update graphics to reflect company branding
  • AI audio
  • Synchronise graphics to audio
  • Modules are published and released as SCORM packages


Prices vary depending on changes to text and graphics.