Fundamentals of Cyber Security of the TÜV Rheinland Cyber Security Training Program

Today, the worlds of functional safety and cyber security are inseparably linked in modern plant and process control systems.

This is also reflected by relevant standards regarding functional safety e.g. IEC 61511 with requirements to conduct a security risk assessment to identify the security vulnerabilities for SIS and to provide the necessary resilience against the identified security risks.

Engineers, Project Managers, Plant Managers, Technicians, and all who may be directly or indirectly involved are faced to handle, describe and understand principles of security management.

The 3.5 days Training will provide you with valuable skills and knowledge with a final exam. Participants who pass the exam will receive a “Letter of Confirmation” issued by TÜV Rheinland. This document is a prerequisite in order to attend the advanced trainings of the TÜV Rheinland Cyber Security Training Program “Cyber Security for Components” and/or “Security Risk Assessment”.

Examination

Upon successful completion of the final exam a “Letter of Confirmation” will be issued by TÜV Rheinland.

At the end of this training, you will learn :

  • Terms and Definitions
  • Safety and Security
  • Defense-in-Depth, Zones and Conduits IEC 62443)
  • ISO/IEC 2700x, IEC 62351, National Standards
  • Principals “Cyber Kill Chain”
  • CIA-Triade, Scopes and Measurement
  • Understanding CVE/CVSS/ CWE/NVD

Network Communication

  • Basic Terms and Definitions (ISO/OSI, NAT, Protocol Architecture)
  • Technical measures
  • Firewall (SPI/DPI)
  • 2-FA, PKI, VPN (IPSec / OpenVPN)
  • Multi-Layer Security Models (e.q. Data-Diodes)

Organizational measures

  • ISMS, Policies, Guidelines
  • Risk Assessment
  • Asset, Change-, and Patch-Management

Course Content

Below is the course content, which includes a detailed outline of topics and materials covered in the course. Explore and enhance your knowledge!

Module 1: Introduction, Terms & Definitions  

  • 1.1 Security and Cybersecurity  
  • 1.2 C-I-A triad  
  • 1.3 IT Security vs OT Security  
  • 1.4 Safety and Security  
  • 1.5 Business Model (PPT Framework)
  • 1.6 Threats and Attacks  
  • 1.7 Economic factors  
  • 1.8 Real Cost of Security  
  • 1.9 Cyber Insurance  
  • 1.10 Security Controls  
  • 1.11 Pentesting  
  • 1.12 Cyber Forensics  

Module 2: Standards & Guidelines  

  • 2.1 ITU X1205 2.2 IEC 62443  
  • 2.3 IEC 62351  
  • 2.4 ISO 2700x  
  • 2.5 Country specific standards
  • 2.6 Europe specific standards
  • 2.7 BSI-Grundschutz (ICS modules)
  • 2.8 VDI/VDE 2182
  • 2.9 Industry specific guidelines (NA115, NA163)  
  • 2.10 CERT  
  • 2.11 CVE/ CVSS  

 Module 3: Communication Fundamentals  

  • 3.1 Communication (Introduction, Types, Components and Medium) 3.2 Communication Network (Types, Topology)  
  • 3.3 Wired vs Wireless Network  
  • 3.4 ISO/OSI Layer Model  
  • 3.5 Ethernet  
  • 3.6 VLAN  
  • 3.7 WLAN  
  • 3.8 Bluetooth  
  • 3.9 Mobile 2G/3G/4G  
  • 3.10 IPv4 /IPv6 address and subnet mask (V6)  
  • 3.11 Switch & Hub  
  • 3.12 NAT  
  • 3.13 Routing  
  • 3.14 Segmentation  
  • 3.15 Protocol architecture TCP/IP  
  • 3.16 TCP & UDP  
  • 3.17 Upper layer protocols 

 Module 4: Technical Security  

  • 4.1 Firewall (Introduction, Types, Generation, Modes, Characteristics) 4.2 DMZ  
  • 4.3 Proxy Servers (Introduction, Types)  
  • 4.4 Authentication (Introduction, Types)  
  • 4.5 Authentication Protocols (Kerberos, RADIUS)  
  • 4.6 Cryptography (Introduction, Function, Categories)
  •  4.7 Symmetric encryption  
  • 4.8 Asymmetric encryption  
  • 4.9 Key Management  
  • 4.10 Hashes  
  • 4.11 Digital signatures (MD5, SHA...)  
  • 4.12 Digital Certificates  
  • 4.13 PKI structures  
  • 4.14 VPN  
  • 4.15 IPSec  
  • 4.16 SIEM  
  • 4.17 Anomaly detection 

Module 5: Technical Countermeasures  

  • 5.1 Network segmentation 5.2 Remote access / VPN (remote maintenance)  
  • 5.3 System hardening  
  • 5.4 Redundancy  
  • 5.5 Patch Management  
  • 5.6 Antivirus  
  • 5.7 Virtualization  
  • 5.8 Interface Management  
  • 5.9 IDS / anomaly detection  
  • 5.10 Log / Security monitoring  
  • 5.11 Anti-malware / Intrusion Prevention  
  • 5.12 Whitelisting  
  • 5.13 Identity / access management 

Module 6: Awareness  

  • 6.1 Train the staff 6.2 Internal threats  
  • 6.3 Need to Know Principle  
  • 6.4 Security goals  
  • 6.5 Confidentiality  
  • 6.6 Non-Repudiation  
  • 6.7 Accountability  
  • 6.8 Availability  
  • 6.9 Integrity  
  • 6.10 Threat landscape  
  • 6.11 Known Cyber incidents  
  • 6.12 Cyber kill chain  
  • 6.13 Vulnerabilities  
  • 6.14 Social engineering (Introduction, Techniques) 

Module 7: Organisational Security  

  • 7.1 ISMS 7.2 Policies  
  • 7.3 Guidelines  
  • 7.4 Risk assessment  
  • 7.5 Defence in Depth  
  • 7.6 Process  
  • 7.7 Asset management  
  • 7.8 Change management  
  • 7.9 Patch management  
  • 7.10 Disaster Recovery  
  • 7.11 Backup  
  • 7.12 Business Impact Analysis  
  • 7.13 Recovery Tests  
  • 7.14 Emergency Plan 

Quick Enquiry
Invalid captche!

Related Courses

Automation System Professional course
Siemens WinCC SCADA Programming Course
Siemens Industrial Ethernet Course
ABB VFD course
EMERSON DeltaV S88 BATCH training
Honeywell EPKS C300 DCS Course

Bridge the skills-gap in your workforce. Achieve your upskilling goals.

Browse our extensive portfolio of certifications and courses.