Cyber Security Risk Assessment (TÜV Rheinland)

Engineering Safety Consultants Ltd. is an approved course provider for Cyber Security Risk Assessment training of the TÜV Rheinland Cyber Security Training Program.

Why attend the course?

The Cyber Security Risk Assessment training course is a 4-day training course including a 4-hour exam.

The objective of the course is to provide participants with a fundamental understanding of the principles of IACS Cybersecurity Risk Assessment in the process industries according to IEC 62443 and to understand:

  • The role and the process of Security Risk Assessment (SRA) in gaining an understanding of the security risks on the facility and their potential consequences.
  • The concept of Security Level – Targets (SL-T) and the Cyber Security Requirements Specification (CSRS).
  • The relationship between SL-T and CSRS to the design and implementation of security countermeasures that are capable and able to achieve the security requirements needed of the determined security level.

The course is based around a practical case study that will be developed across the three days of the course taking the delegate through the SRA process. The course is a modular structure of classroom tuition followed by a case study practical, which will take the participant through the SRA process as identified in IEC 62443-3-2.

Day four consists of a four-hour two-part examination based on a multiple choice and an Open SRA examination.

Course Learning Objectives

The objective of the course is to provide participants with a fundamental understanding of the principles of IACS Cybersecurity Risk Assessment in the process industries according to IEC 62443 and to understand:

  • The role and the process of Security Risk Assessment (SRA) in gaining an understanding of the security risks on the facility and their potential consequences.
  • The concept of Security Level – Targets (SL-T) and the Cyber Security Requirements Specification (CSRS).
  • The relationship between SL-T and CSRS to the design and implementation of security countermeasures that are capable and able to achieve the security requirements needed of the determined security level.

The course is based around a practical case study that will be developed across the three days of the course taking the delegate through the SRA process. The course is a modular structure of classroom tuition followed by a case study practical, which will take the participant through the SRA process as identified in IEC 62443-3-2.

Who will benefit

Functional, Process and Technical Safety Engineers, Control and Instrument Engineers and Managers, Process Engineers, Operations personnel and Managers, Maintenance staff, consultants, advisors and persons involved in Management, Engineering, Operations and safety of process operations. In addition, persons with PH&RA experience and who are currently involved in Process Hazard and Risk Analysis, and will be required to take part in the Security Risk Assessments and Cybersecurity Requirements Specification.

Pre-requisites for “Cyber Security Risk Assessment (TÜV Rheinland)” Certificate

In accordance with the TÜV Rheinland Functional Safety and Cyber Security Program:

  • A minimum of 3 to 5 years experience in a related field (e.g. Control & Instrumentation, process engineering, IT/OT, functional safety or cyber security).
  • University degree or equivalent engineering experience and responsibilities as certified by employer or engineering institution.

Note: Attending the Fundamentals of Cyber Security training and passing the exam or only passing the exam of the training is a prerequisite to attend the Cyber Security advanced trainings of the TÜV Rheinland Cyber Security Training Program including the Security Risk Assessment coures.

Course Leader

The Cyber Security Risk Assessment course is led by Dr Fan Ye, GICSP, CFSE, FS Eng (TÜV Rheinland), CEng, MSaRS, MIET who is a Principal Consultant, Engineering Safety Consultants (ESC) Limited.

Dr Fan Ye has worked in safety consultancy in industries including oil and gas, chemical, nuclear power and defence since completing his PhD in 2005. Fan is a Charted Engineer (CEng) by the Engineering Council via IET. He is a GIAC certified Global Industrial Control Security Professional (GICSP). He is a Certified Functional Safety Expert (CFSE) and TÜV Rheinland and Technis certified Functional Safety Engineer. His expertise lies in the areas of hazard identification and risk assessment, safety case development, safety management, system reliability, and ICS Cyber Security.

Fan is a committee member of both the BSI GEL/65/1 and the IEC 61508 Part 3. Fan has extensive knowledge on international safety standards such as IEC 61508, IEC 61511 and UK Defence Standards and Military of Defence (MoD) policy. Fan is familiar with UK’s Health and Safety legislation and the As Low As Reasonably Practicable (ALARP) principle for safety risk management underpinned by cost benefit analysis.

Fan has chaired and facilitated numerous HAZOP and SIL determination (LOPA) studies in the UK and Middle East. He has also led a number of SIL verification studies and Quantitative Risk Assessments (QRAs) for major projects.

Course Duration & Examination

The course consists of three days of classroom tuition and practical guidance, mixed with practical exercises based on real life examples.

The exam takes place on the fourth day. The exam is 4 hours and consists of two parts:

  • Part 1 = 30 multiple-choice questions
  • Part 2 = Open-Ended exam

Course Approval Criteria

The pass mark for the examination is 75%.

Language

The course will be undertaken in English.

Re-Exam

(for those who did not pass the examination)

  • Within one year after a failed examination, applicants may sign up once for another examination, free of charge.  The re-sit of the examination will need to be on one of our other course dates.
  • If applicants sign up for attending the training course again, they have to pay full course price

Price

The price per participant is from GBP £1,950 + VAT depending on location.

This price includes:

  • Course material
  • Registration fees
  • Cyber Security Risk Assessment (TÜV Rheinland) certificate issued by TÜV Rheinland
  • Refreshments and Lunch

This course can be completed without taking the examination held on day 4. Participants will receive a certificate of attendance, but not a Cyber Security Risk Assessment (TÜV Rheinland) certificate.  The price per participant is from GBP £1,650 + VAT depending on location.
Note: The course must be retaken in full to sit the exam.

Course Evaluation

Course evaluation will be via a ‘Survey Monkey’ email survey.

Dates

DateLocationDetails
15/06/2021 - 18/06/2021
9:00 to 17:00 BST
Online
Virtual
Classroom
Cyber Security Risk Assessment (TÜV Rheinland) with Exam £1950 (+VAT)
Full 4 day course including exam and Cyber Security Risk Assessment (TÜV Rheinland) certificate.
Cyber Security Risk Assessment (TÜV Rheinland) Course Only£1650 (+VAT)
This course can be completed without taking the examination. Participants will receive a certificate of attendance, but not a Cyber Security Risk Assessment (TÜV Rheinland) certificate. Note: The course must be retaken in full to sit the exam.
Book

Request Information

Please contact us to discuss if you’d like any further information: