ISA Cybersecurity Program Increases Awareness of ANSI/ISA99 Standard


Jan 02, 2014


IT and control system security professionals who need to develop a command of industrial cybersecurity terminology and understanding of the material embedded in the ISA99 standards have the opportunity to enroll in a new cybersecurity certificate program from ISA.

The new ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate program from the ISA Committee on Security for Industrial Automation & Control Systems was designed to increase awareness of the ANSI/ISA99 standard (ISA99/IEC 62443). ISA99/IEC 62443 standards apply to all key industry sectors and critical infrastructure, providing the flexibility to address and mitigate current and future vulnerabilities in industrial automation and control systems, according to ISA.

Registrants will receive their ISA99/IEC 62443 cybersecurity certificate upon successfully completing the two-day ISA classroom training course and completing a 75-question multiple choice exam offered through the Prometric testing centers. Those interested in only taking the training course will receive continuing education units (CEUs) upon successful completion.

There are no required prerequisites to register for the program, but ISA recommends professionals have at least three to five years of experience in the IT cybersecurity field, with at least two of those years in a process control engineering environment in an industrial setting.

"Our new cybersecurity certificate program is another step forward in ISA's development as a global leader in industrial cybersecurity standards, training and education, and in building on our commitment to meeting the needs of industrial control systems professionals throughout the world," said Dalton Wilson, manager of Education Services for ISA.

The exam will cover the following areas:

• Understanding the current industrial security environment
• How cyber attacks happen
• Creating a security program
• Risk analysis
• Addressing risk with security policy, organization, and awareness
• Addressing risk with selected security counter measures
• Addressing risk with implementation measures
• Monitoring and improving the CSMS
• Designing/validating secure systems