Maritime Cyber Risk Internal Auditor

COURSE LEARNING OBJECTIVES

Upon completion, successful participants will be able to:

  1. Understand the philosophy, process and procedures required to support a maritime safety and security internal audit
  2. Understand how to audit vulnerabilities in:
    • Bridge Systems
    • Cargo handling and management systems
    • Propulsion and machinery management and power control systems
    • Access control systems
    • People facing public networks;
    • Administrative and crew welfare systems; and
    • Communication systems.
  3. Understand Maritime Cyber Risk and Personal Data
  4. Protection

 

pexels-julius-silver-753331

On completion, successful participants will be able to understand and describe:

CONTENTS
  1. The IMO Framework on Cyber Risk Management
  2. The Guidelines on Cyber Security Onboard Ships
  3. Applying Confidentiality, Integrity and Availability Security Objectives in auditing process
  4. Auditing OT Systems & Equipment
  5. Auditing IT Systems & Equipment
  6. Managing an audit program
  7. Performing an Audit with emphasis on the protection of the personal data
  8. Competency and Evaluation of auditors
  9. Maritime Cyber Risk and Audit Techniques

Delegate Assessment – Assessment is carried out by continuous assessment of delegate performance throughout the theoretical and practical phases.

 

AIM OF THE COURSE

This course aims to provide participants with tools, methodologies and practical examples on an effective internal auditing of maritime safety and security activities.

Successful completion of this course will enable participants to ensure proper criteria and methodology is applying when evaluating the use of data and information (Information Technology Systems) and the use of data to control or monitor physical processes (Operational Technology Systems).

 

Prerequisites

Participants are recommended to have the following prior knowledge before attending this course:

  1. ISM Code
  2. ISPS Code
  3. The Guidelines on Cyber Security Onboard Ships (Ver. 3.0)
  4. Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1 – Rev. 04/2018)
  5. Code of Practice – Cyber Security for Ships
  6. IMO MSC.428 (98)
  7. IMO MSC-FAL.1/Circ.3 – Guidelines on Maritime Cyber Risk Management
  8. ISO/IEC 27001 standard on Information technology – Security techniques – Information security management systems – Requirements. Published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)