My Dashboard

Customer Information
Tel.: +45 4477 4477
Fax: +45 4477 4016

Risk Assessment in the OT Cyber Security area (IK-SECRISC)

  • The setting of IEC 62443 includes the entire life cycle of products, from their conception in terms of components and systems, their integration into automation systems, up to their disposal by the end user. The fourth part of the standard defines lifecycle and requirements for component manufacturers (understood as embedded, host, network and software) and systems or those products made by combining components and which will be placed on the market as such in order to be configured as necessary in specific installations. This module traces this lifecycle based on IEC 62443-4-1 covering product design, implementation, testing and finally technical support and documentation, in order to implement the processes necessary for the conception and provision of integrators. and end-user of products developed in accordance with a very specific process from a security point of view and with the relative performances (understood as capability) known and declared. In addition, the manufacturer is required to organize a technical assistance service in order to support the end user in resolving potential critical issues that may occur during the useful life of the product in the security field, such as those related to the mitigation of vulnerabilities. that can be found on the products. In addition to the process, the IEC 62443-4-2 standard also defines the technical requirements which, in analogy to the IEC 62443-3-3 systems, with which the components must comply in order to declare the security performance required in terms of security level and therefore be integrated according to the objectives of an end user or integrator in a very specific automation solution.


  • After attending the course you will be able to:
    • Set up an industrial cyber security risk assessment process
    • Define the criteria and methods for carrying out a risk assessment
    • Describe how cyber business risks are assessed and presented
    • Understand how threat intelligence is acquired and how credible threat assessment can be done
    • Understand what a vulnerability is, how it is categorized and cataloged, how it can be exploited to carry out an attack
    • Understand how to carry out a vulnerability analysis, with what purpose and with which tools to carry it out
    • Understand how a risk is estimated and assigned a security level and how to get to the zoning and segmentation of the network
    • Describe the reference architectures presented in IEC 62443 and understand how to use them within a specific infrastructure
    • Understanding how to protect the most critical areas of the plant
    • Understand the security requirements organized in IEC 62443-3-3 and how they contribute to the security objectives
    • Describe how a cyber security specification is born and its importance
Type E-Learning
Duration 8 hours
Language en

Target Group

  • This course is intended for manufacturers of products (components and systems) and integrators.


    • The assessment process for IEC 62443-2-1 and the contextualization of the criteria and method with reference to IEC 62443-3-2
    • The business rationale, as a fundamental criterion and step for determining the impact on the business of a potential attack
    • High-level risk analysis and determination of critical assets and credible threats
    • Network analysis, active and passive scans, vulnerability analysis, penetration tests, all tools for obtaining valuable information on an industrial network
    • Dynamics and simulations of attack, vectors and attack scenarios within the detailed risk assessment.
    • Detailed risk analysis, how to use the information from the high-level risk assessment and vulnerability analysis to determine the real risk on plants
    • What is the result of the assessment: security level, zoning and determination of the necessary processes and measures
    • The link between IEC 62443-3-3 and the result of the risk assessment
    • From risk assessment to cyber security specifications and related implementation
    • From the security level target to the security level actually reached, how to measure security performance
  • The course includes examples, developed on real components and systems, albeit in the laboratory.
  • During the course, group and individual exercises will be carried out to facilitate and verify the learning of the topics described.


  • Basic knowledge of automation systems and networks, familiarity with the principles and methods of risk assessment.


3,995 EUR