iPad Air 2, Samsung Galaxy Tab A, or $350 Off with SANS Online Training Right Now!

RSA Conference 2015

San Francisco, CA | Sun, Apr 19 - Wed, Apr 22, 2015
This event is over,
but there are more training opportunities.

ICS Cybersecurity Overview with Hands-on Lab

The ICS RSAC course has been designed by ICS security experts to orient students to industrial control systems and provide a foundation for applying cyber security controls, practices, and technology. The course is designed to introduce students to the unique requirements of real-time systems and provide a model for defending industrial control systems in a manner that keeps the operational environment safe, secure, and resilient against current and emerging cyber threats.

Course Syllabus


CPE/CMU Credits: 6


CPE/CMU Credits: 6

Additional Information

The ICS RSAC course consists of instruction and hands-on sessions. The lab sessions are designed to allow students to utilize the knowledge gained throughout the course in an instructor-led environment. Students will have the opportunity to install, configure, and use the tools and techniques that they have learned.

  • Laptop with available USB ports.
  • Laptop with DVD Reader.
  • Latest VMware Player, VMware Workstation, VWware Fusion installed. Other virtualization software such as Parallels or VirtualBox will probably work if the attendee is familiar with its functionality; however VMware Player should be prepared as a backup just in case.
  • Ability to disable all security software on their laptop such as Antivirus and/or firewalls
  • At least twenty (20) GB of hard drive space

At least four (4) GB of RAM

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

The course is designed for the range of individuals who work in, interact with, or can affect industrial control system environments, including asset owners, vendors, integrators, and other third parties. These personnel primarily come from two domains:

  • IT (includes operational technology support)
  • IT security (includes operational technology security)
  • Course participants need to have a basic understanding of networking and system administration, TCP/IP, networking design/architecture, vulnerability assessment, and risk methodologies. ICS RSAC covers many of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are brand new to the field and have no background knowledge, SEC301: Intro to Information Security would be the recommended starting point. While SEC301 is not a prerequisite, it provides introductory knowledge that will help maximize a student's experience.
  • Design and architect a secure industrial control system
  • Reconnaissance tactics
  • Authentication attacks
  • Spoofing control signals
  • Wireshark analysis
  • Incident response