Sprache

Information Security

Practical day course

This course offers a compact introduction to the topic of information security. Participants will learn what obligations the Cyber Resilience Act, NIS2, and the revised Swiss Data Protection Act (DSG) specifically entail for them. They will discover the ten most common OT attack vectors and create their own SBOM to detect vulnerabilities in third-party firmware.

In a condensed simulation exercise, participants will test incident response roles, review maintenance contracts for missing security clauses, and develop three quick wins that can be implemented within 90 days.

 

Target Audience:

This course is aimed at individuals from the OT/mechanical engineering environment and anyone interested in gaining a fundamental understanding of information security.

Prerequisites:

Basic computer skills are required. Prior knowledge in the field of information security is beneficial but not strictly necessary.

Course Content:

Theory:

  • Threat Landscape
    • Attack vectors, motives, and TTPs (tactics, techniques, and procedures) targeting OT/ICS
  • Incident Response in OT
    • Fundamentals and differences between traditional IT incident response and OT incident response
  • Cyber Resilience Act (CRA) and NIS2 Directive in Focus- Explanation and insights into CRA and NIS2
    • Obligations for mechanical engineering companies
  • Swiss Law in Practice
    • Key aspects of the revised Swiss Data Protection Act (DSG) relevant to industrial data - reporting obligations for cyberattacks under the Information Security Act (ISG)

Practical Exercises:

  • Workshop on Standards
  • Software Bill of Materials (SBOM)
    • Creating, validating, and evaluating an SBOM
    • Deriving initial risks
  • Obligations under the Cyber Resilience Act and NIS2 Directive
    • Identifying legal obligations
  • Practicing the assessment of whether DSG or GDPR applies
  • Gap Analysis (CRA, NIS2, and DSG)
    • Identifying the biggest gaps
    • Defining potential quick wins
  • Identifying Missing Security Clauses in Maintenance and Supply Contracts
    • Determining legal and security obligations
  • Creating a personal Action Plan for implementation in the company

Date:
Please send inquiries to ins-info@ost.ch

Cost:
CHF 800, including course materials

Location:
OST – Eastern Switzerland University of Applied Sciences, Rapperswil-Jona

OST - University of Applied Sciences of Eastern Switzerland

 

News

Visit us

Address:
Oberseestrasse 10
8640 Rapperswil

Office: Room 8.262

ins-info@ost.ch

 

Quicklinks

Executive education
Research projects
Publications
Team
Open positions

 

Contact

Prof. Dr. Daniel Patrick PolitzeINS Institut für Netzwerke und SicherheitProfessor
Institutsleiter INS

+41 58 257 46 05daniel.politze@ost.ch

INS on Social Media