Landingpage available in the following languages:
or select your TÜV Rheinland region / country website:

Fundamentals of Cyber Security EFSTAS

Fundamentals of Cyber Security


On completion of this fundamentals training and exam successful delegates will receive a “Letter of Confirmation”, from TÜV Rheinland.

This “Letter of Confirmation” is required in order to obtain the CySec Specialist (TÜV Rheinland) certificate either in Security Risk Assessment (SRA) or in Product Development.

Participants of the fundamentals training who have passed the exam will be exempt from the Security Risk Assessment or Product Assessment part one exam (on production of the “Letter of Confirmation”).

Holders of the CySec Specialist (TÜV Rheinland) certificate can demonstrate competency with respect to assessing and specifying Industrial Automation Control and Safety System (IACS) Security and provide knowledge in order to:

  • reduce the risk of a successful cyber attack
  • satisfy legal and regulatory requirements
  • meet the organisation’s system security and business objectives.

This training provides knowledge of:

Industrial Protocols, Networks and Networks Security types, ISO/OSI Reference Model

Cryptography, IEC 62443 Framework, NIST Cyber Security Framework (CSF), Establishing an Industrial Automation and Control Systems Security Program, Risk Analysis, Addressing Risk with the CSMS and Monitoring and Improving the CSMS.

Course Objectives

The objective of this course is to provide participants with a basic understanding of cyber security fundamentals so as to be equipped to better understand the principles and practices introduced in the advanced trainings “IACS Cybersecurity Risk Assessment” and “Cyber Security for Components” both related to the according standard IEC 62443.

This training is of modular classroom tuition structure followed by a 2-hour exam.

Who Should Attend?

Functional, Process, Technical Safety and Product Design Engineers, Control and Instrument Engineers and Managers, Process Engineers, Operations personnel and managers, maintenance staff, consultants, advisors and persons involved in product development, management, engineering, operations and safety of process operations as well as persons with PH&RA experience and who are currently involved in process hazard and risk analysis, and will be required to take part in the Security Risk Assessments or Product Design and Development.


Display all Hide all

Day 1

  • Industrial networks vs. Business networks
  • Network types
  • ISO/OSI Reference Model
  • OSI Layer 1: Physical
  • Layer 2 Switches
  • IPv4 Addressing
  • Network Address Translation (NAT)
  • DHCP
  • Routers
  • Layer 3 Switches
  • TCP – Connection Oriented Session
  • User Datagram Protocol (UDP)
  • Firewalls

Day 2

  • Cryptography
  • Remote Access VPNs
  • Intrusion Detection Systems
  • Modbus
  • Profibus
  • IEC62443 Framework
  • NIST Cyber Security Framework (CSF)
  • Establishing an Industrial Automation and Control Systems Security Program
  • Risk Analysis
  • Addressing Risk with the CSMS
  • Monitoring and Improving the CSMS

Day 3

A two (2) hour exam comprising 60 multiple-choice questions

(1 mark each question)

The pass score criterion is 75%


In accordance with the TÜV Rheinland Functional Safety & Cyber Security Program:

  • A minimum of 3 to 5 years experience in a related field (e.g. Control & Instrumentation, process engineering, IT/OT, functional safety or cyber security).
  • University degree or equivalent engineering experience and responsibilities as certified by employer or engineering institution.


From £1300 GBP per participant.