Training on the 62443 standard applied to components.
This course provides an overview of how IACS product suppliers can leverage on the ISA/IEC 62443 series of standards to implement a security development lifecycle and to develop secure-by-design IACS components. By understanding the value of ISA/IEC 62443 standards companies can choose to incorporate these standards in their development lifecycle, adding value to their products.
The goal of the training is to address security topics for industrial components leveraging on the ISA/IEC 62443 standard. Two specific parts of the standard are looked into in further detail: part 4-1, that introduces the concept of maturity levels and part 4-2, that introduces the concept of security levels.
The concepts taken from these sections of the standard have practical relevance both for product development and for security assessment.
Before diving into some of the more practical aspects introduced by the 4-1 and 4-2 standard parts, the training provides both an introduction to the basic underlying technical concepts and contextualization in the application domain, analyzing the typical requirements and needs of the industrial sector.
The course consists of the following main topics:
• Introduction to Security Concepts
• Security in the Industrial Context
• The ISA/IEC 62443 Standard
• Concepts from the 62443 Standard
• Foundational Requirements and Security Levels (62443-4-2)
• Practices and Maturity Levels (62443-4-1)
The training is targeted at professionals working for companies that deliver components (embedded devices, sw applications, hosts, network devices) used in industrial contexts, including both the technical figures who will directly act according to the procedures defined in the standard (platform developers, embedded SW developers, product testers, technical leaders) and the non-strictly technical professionals (product and project managers, business developers…) who wish to better understand the value brought by application of the 62443 standard to the products and processes that they manage.