Training: Securing the Engineer

Training:

SANS Securing the Human for Engineers focuses on security behaviors for individuals who interact with, operate, or support Industrial Control Systems. This program was developed to not only assist your organization in meeting compliance requirements through continued training and standard reporting, but also change human behavior and reduce risk.

This training consists of 12 modules and covers the following topics:

  • Introduction to ICS - This module provides a brief history of ICS, regulation, and the need for ICS-focused security-behavior training.
  • Overview of ICS - This module provides an overview of ICS components, industries, and support personnel roles and responsibilities.
  • ICS Drivers and Constraints - This module goes into detail on the cyber security principle drivers and constraints that impact how a control system needs to be engineered, managed, supported, and interfaced with.
  • Overview of ICS Attacks - This module provides an overview of ICS Threat Actors and examples of ICS-based attacks and trends.
  • ICS Attack Surfaces - This module goes into detail on specific attack approaches that target various layers of the ICS system.
  • ICS Server Security - This module provides concepts specific to defending ICS environments at the server layer.
  • ICS Network Security - This module provides concepts specific to defending ICS environments at the network layer.
  • ICS System Maintenance - This module provides details on ICS system maintenance tasks like; patching, backups, change management, monitoring, and logging.
  • ICS Information Assurance - This module provides details on ICS-focused information assurance program concepts of Risk management, account management, data classification, and defense in depth.
  • ICS Incident Handling - This module covers important ICS incident-response topics for all individuals that interact with ICS environments.
  • Attack Scenario - A detailed walk through of a cyber-attack against an example organization, from the unique perspective of the attacker's actions.
  • Conclusion - A short wrap up to the training.

If your organization is interested in reviewing this training program, please visit us at securingthehuman.sans.org/engineer