On November 22, 2018, Manfred Scholz will lead a seminar entitled “IT Security in Industry” at the Institute for Internal Auditing Austria in Vienna. The special focus will be the IEC 62443 series of standards, which defines the state of the art in industry.

Terms such as Industry 4.0 or IoT stand for the dawn of a new age and the vision of end-to-end digitization of all production processes. This requires networking production and industrial plants and their IT components with office IT, which means that the security risks already known from classic IT are becoming increasingly important in this area as well. The use of industrial control systems in critical infrastructures presents a particular challenge.

Responsibility for the security of the systems lies not only with the manufacturer; integrators and operators must also be held accountable. Overcoming these challenges requires a structured approach. “Security by design” is, however, an essential prerequisite for implementing all further-reaching security measures. The IEC 62443 series of standards, “Industrial communication networks — IT security for networks and systems”, defines the “state of the art” and specifies the requirements and the procedure for securing production and industrial plants.

Target group

The seminar provides an overview of security risks and introduces IEC 62443 as a possible approach to security. The primary target group is responsible and interested persons in internal audit and the IT department, and security officers, as well as executives and managing directors who want to inform themselves about the risks and the possible solution approaches.

Methodology

  • Lecture
  • Practical case studies
  • Discussion

Seminar contents

  • INTRODUCTION
  • Initial situation
  • General conditions
  • Task of the audit
  • Current threat situation (e.g. cyber attacks)
  • Basic concepts of IT and information security
  • Standards and norms
  • Structure of the IEC 62443 standards group
  • Dealing with the product and system life cycle
  • Risk assessment procedures
  • What does “security by design” mean in the industrial environment?
  • Requirements for manufacturers, integrators and operators
  • Safety versus IT security
  • Security levels according to IEC 62443
  • Securing network transitions between office IT and plant networks
  • Importance of network segmentation and security zones
  • Security of remote maintenance access
  • Structured approach to the development of security concepts
  • Outlook on future developments

Speaker:

Manfred Scholz
Managing Director SEC4YOU