On October 9, 2017, Akademie Interne Revision GmbH will be holding a seminar in Vienna entitled “IT Security in Industry”. The seminar will also look at IEC 62443 and Security by Design, among other topics.

Seminar topic:

Terms such as Industry 4.0 or IoT stand for the dawn of a new age and the vision of end-to-end digitalization of all production processes. The networking of production and industrial plants and their IT components with office IT that is required for this means that the security risks already known from classic IT are also becoming increasingly important in this area. The use of industrial control systems in the area of critical infrastructures presents a particular challenge.

Responsibility for the security of the systems lies not only with the manufacturer; integrators and operators must also be held accountable. Overcoming these challenges requires a structured approach. “Security by design” is, however, an essential prerequisite for implementing all further-reaching security measures. The IEC 62443 series of standards “Industrial communication networks — IT security for networks and systems” defines the “state of the art” and specifies the requirements and the procedure for securing production and industrial plants.

Target audience:

The seminar provides an overview of security risks and introduces IEC 62443 as a possible security approach. The primary target group is responsible and interested staff in audit and IT departments and security officers, as well as managers and directors who want to learn about the risks and the possible solution approaches.

From the content (Standards — IEC 62443 — Security by Design):

  • Initial situation
  • General conditions
  • Task of internal audit
  • Current threat situation (What do we have to protect ourselves from?)
  • Basic concepts of information security
  • Current threat situation (e.g. cyber attacks)
  • Basic terms of IT and information security
  • Standards and norms
  • Structure of the IEC 62443 standards group
  • Dealing with the product and system life cycle
  • Risk assessment procedures
  • What does “security by design” mean in the industrial environment?
  • Requirements for manufacturers, integrators and operators
  • Safety versus IT security
  • Security levels according to IEC 62443
  • Securing network transitions between office IT and plant networks
  • Importance of network segmentation and security zones
  • Security of remote maintenance access
  • Structured approach to the development of security concepts
  • Outlook on future developments

The seminar leader is Manfred Scholz. Questions about the seminar can be asked via the seminar organizer or via our contact form.

Further information about the seminar and registration link: Academy Internal Audit seminar link

Source: http://www.internerevision.at/