Course Objectives:

By the end of this course, participants will:

1. Understand the core principles and methodologies for auditing Operational Technology (OT), SCADA, and Industrial Control Systems (ICS).
2. Learn to identify common vulnerabilities and compliance gaps in OT/SCADA/ICS environments.
3. Develop skills in assessing system configurations, access controls, and network security.
4. Gain knowledge of standards and frameworks like IEC 62443, NIST CSF, and NERC CIP.
5. Create actionable audit reports with recommendations to improve security and compliance.

Course Syllabus:

Day 1: Fundamentals of OT/SCADA/ICS Auditing

1. Introduction to OT, SCADA, and ICS Systems
2. Audit Scope and Planning
3. Compliance Frameworks and Standards
4. Workshop: Creating an Audit Plan for OT Systems

Day 2: System Architecture and Configuration Auditing

1. Understanding OT/SCADA System Architectures
2. Configuration Auditing
3. Access Control Auditing
4. Practical Exercise: Auditing System Configurations

Day 3: Network and Communication Security Auditing

1. Auditing OT/SCADA Network Security
2. Protocol Analysis and Security
3. Threat Identification in Network Traffic
4. Hands-On Lab: Network and Protocol Security Assessment

Day 4: Risk Management and Incident Handling

1. Risk Assessment in OT/SCADA/ICS Environments
2. Incident Response Planning
3. Business Continuity and Disaster Recovery
4. Workshop: Developing a Risk Mitigation and Recovery Plan

Day 5: Reporting and Continuous Improvement

1. Creating Effective Audit Reports
2. Recommendations for OT Security Improvements
3. Capstone Project: Conducting a Mock OT/SCADA/ICS Audit