ICS/SCADA Security Fundamentals

The ICS/SCADA Security Fundamentals skills path provides you with foundational knowledge about SCADA systems and security, including protocols, access controls, physical security, cybersecurity tools and more.

Course

Identification and AAA

16 minutes

This course introduces these important information security concepts: identification, authentication, authorization and accounting (IAAA). It defines the terms, explains the IAAA process and provides an overview of the identity and access management concepts and services, including federation, Single Sign-On (SSO), transitive trust, RADIUS, TACACS+, Kerberos and others.

Course

Access Control Fundamentals

21 minutes

This course covers the fundamental concepts of access control. It introduces common access control models (MAC, DAC, RBAC, ABAC and Rule-Based Access Control) and covers mechanisms for implementing physical and logical access control. The course also covers important account and credential management concepts, including types of user accounts, access policies, secure account management and password security.

Course

Resiliency and Automation

9 minutes

This short course explains the concepts of resiliency and automation in information security. It introduces and explains important terminology, including elasticity, scalability, distributive allocation and redundancy. The course also provides an overview of the Redundant Array of Independent Disks (RAID) and its levels.

Course

Physical Security

9 minutes

This short course introduces common physical security controls, from perimeter defenses such as fences and lighting to environmental controls and physical intrusion detection. The course explains how each control is used for security and highlights benefits and downsides of using some of the controls.

Course

Introduction to Security Controls

17 minutes

This introductory course provides an overview of security control categories (administrative, physical, technical) and types (deterrent, preventive, detective, corrective, compensating). The course also introduces important data security concepts: data sensitivity types (classification) and secure data destruction/sanitization.

Course

Threats and Threat Actors

1 hour, 0 minutes

This course provides an overview of common security threats and threat actors. It defines common types of threat actors, from script kiddies to Advanced Persistent Threats (APTs), and explains their motivation and intentions. Information security threats covered in this course include malware, social engineering, application and service attacks, wireless attacks and attacks on cryptography.

Course

Security Technologies and Tools

1 hour, 0 minutes

This course provides an introductory overview of various information security technologies and tools. It covers network devices (routers, switches, proxies) and their security features, compares different types of firewalls and intrusion detection and prevention systems, and explains other secure networking concepts, such as Virtual Private Networks (VPN) and Network Access Control (NAC). Other topics covered in this course include Security Information and Event Management (SIEM) solutions, Data Loss Prevention (DLP) and other security technologies, such as secure mail and media gateways and Hardware Security Modules (HSM).

Course

Introduction to SCADA Security

9 minutes

This introductory course covers the basic information security concepts related to the security of Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems. It starts of with an overview of different types of Industrial Control Systems and common ICS components and provides background information about Basic Process Control Systems (BPCS) and Safety Instrumentation Systems (SIS). The course also highlights the strengths and weaknesses of ICS/SCADA systems when it comes to security.

Course

ICS Protocols

37 minutes

This course provides basic information about security features of common protocols used in Industrial Control Systems (ICS). It provides a brief overview of the evolution of Process Control Networks (PCN), compares and contrasts ICS environments with other Information Technology systems, and walks through relevant features of commonly used ICS protocols, including Modbus, DNP3, HART, PROFIBUS and PROFINET, BACnet, and others.