Education and Learning
COURSE LEARNING OBJECTIVES
Upon completion, successful participants will be able to:
- Understand the philosophy, process and procedures required to support a maritime safety and security internal audit
- Understand how to audit vulnerabilities in:
  - Bridge systems
  - Cargo handling and management systems
  - Propulsion and machinery management and power control systems
  - Access control systems
  - People facing public networks
  - Administrative and crew welfare systems
  - Communication systems
- Understand Maritime Cyber Risk and Personal Data Protection
On completion, successful participants will be able to understand and describe:
- A maritime safety and security audit process
- Establish audit criteria & scope
- Prepare an audit program
- Collect audit evidence
- Write an NCR under Maritime Safety and Security requirements
- Audit hardware and software inventory
- The 6 core elements of any cyber risk management, including identification, protection, control, information, respond and recovery.
CONTENTS
- The IMO Framework on Cyber Risk Management
- The Guidelines on Cyber Security Onboard Ships
- Applying Confidentiality, Integrity and Availability Security Objectives in auditing process
- Auditing OT Systems & Equipment
- Auditing IT Systems & Equipment
- Managing an audit program
- Performing an Audit with emphasis on the protection of the personal data
- Competency and Evaluation of auditors
- Maritime Cyber Risk and Audit Techniques
Delegate Assessment – Assessment is carried out by continuous assessment of delegate performance throughout the theoretical and practical phases.
AIM OF THE COURSE
This course aims to provide participants with tools, methodologies and practical examples for effective internal auditing of maritime safety and security activities.
Successful completion of this course will enable participants to ensure that proper criteria and methodology are applied when evaluating the use of data and information (Information Technology Systems) and the use of data to control or monitor physical processes (Operational Technology Systems).
Prerequisites
Participants are recommended to have the following prior knowledge before attending this course:
- ISM Code
- ISPS Code
- The Guidelines on Cyber Security Onboard Ships (Ver. 3.0)
- Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1 – Rev. 04/2018)
- Code of Practice – Cyber Security for Ships
- IMO MSC.428 (98)
- IMO MSC-FAL.1/Circ.3 – Guidelines on Maritime Cyber Risk Management
- ISO/IEC 27001 standard on Information technology – Security techniques – Information security management systems – Requirements. Published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)