Online Cyber Security Risk Assessment (TÜV Rheinland)
Engineering Safety Consultants Ltd. is an approved course provider for Cyber Security Risk Assessment training of the TÜV Rheinland Cyber Security Training Program.
Why attend the course?
The Cyber Security Risk Assessment training course is a 4-day training course including a 4-hour exam.
The objective of the course is to provide participants with a fundamental understanding of the principles of IACS Cybersecurity Risk Assessment in the process industries according to IEC 62443 and to understand:
- The role and the process of Security Risk Assessment (SRA) in gaining an understanding of the security risks on the facility and their potential consequences.
- The concept of Security Level – Targets (SL-T) and the Cyber Security Requirements Specification (CSRS).
- The relationship between SL-T and CSRS and the design and implementation of security countermeasures capable of achieving the security requirements of the determined security level.
The course is based around a practical case study that will be developed across the three days of the course taking the delegate through the SRA process. The course is a modular structure of classroom tuition followed by a case study practical, which will take the participant through the SRA process as identified in IEC 62443-3-2.
Day four consists of a four-hour, two-part examination: a multiple-choice part and an Open SRA examination.
Who will benefit
Functional, Process and Technical Safety Engineers, Control and Instrument Engineers and Managers, Process Engineers, Operations personnel and Managers, Maintenance staff, consultants, advisors and persons involved in Management, Engineering, Operations and safety of process operations. In addition, persons with PH&RA experience who are currently involved in Process Hazard and Risk Analysis and will be required to take part in Security Risk Assessments and the Cybersecurity Requirements Specification.
Pre-requisites for “Cyber Security Risk Assessment (TÜV Rheinland)” Certificate
In accordance with the TÜV Rheinland Functional Safety and Cyber Security Program:
- A minimum of 3 to 5 years' experience in a related field (e.g. Control & Instrumentation, process engineering, IT/OT, functional safety or cyber security).
- University degree or equivalent engineering experience and responsibilities as certified by employer or engineering institution.
Note: Attending the Fundamentals of Cyber Security training and passing its exam, or passing that exam without attending the training, is a prerequisite for attending the advanced Cyber Security trainings of the TÜV Rheinland Cyber Security Training Program, including the Security Risk Assessment course.
Course Leader
The Cyber Security Risk Assessment course is led by Dr Fan Ye, GICSP, CFSE, FS Eng (TÜV Rheinland), CEng, MSaRS, MIET who is a Principal Consultant, Engineering Safety Consultants (ESC) Limited.
Dr Fan Ye has worked in safety consultancy in industries including oil and gas, chemical, nuclear power and defence since completing his PhD in 2005. Fan is a Chartered Engineer (CEng), registered with the Engineering Council via the IET. He is a GIAC-certified Global Industrial Control Security Professional (GICSP). He is a Certified Functional Safety Expert (CFSE) and a TÜV Rheinland and Technis certified Functional Safety Engineer. His expertise lies in the areas of hazard identification and risk assessment, safety case development, safety management, system reliability, and ICS Cyber Security.
Fan is a committee member of both the BSI GEL/65/1 and the IEC 61508 Part 3. Fan has extensive knowledge of international safety standards such as IEC 61508, IEC 61511 and UK Defence Standards and Ministry of Defence (MoD) policy. Fan is familiar with the UK’s Health and Safety legislation and the As Low As Reasonably Practicable (ALARP) principle for safety risk management underpinned by cost-benefit analysis.
Fan has chaired and facilitated numerous HAZOP and SIL determination (LOPA) studies in the UK and Middle East. He has also led a number of SIL verification studies and Quantitative Risk Assessments (QRAs) for major projects.
Course Duration & Examination
The course consists of three days of classroom tuition and practical guidance, mixed with practical exercises based on real-life examples.
The exam takes place on the fourth day. The exam is 4 hours and consists of two parts:
- Part 1 = 30 multiple-choice questions
- Part 2 = Open-Ended exam
Course Approval Criteria
The pass mark for the examination is 75%.
Language
The course will be undertaken in English.
Re-Exam
(for those who did not pass the examination)
- Within one year after a failed examination, applicants may sign up once for another examination, free of charge. The re-sit of the examination will need to be on one of our other course dates.
- If applicants sign up to attend the training course again, they have to pay the full course price.