Aims & Objectives

• Provide the key definitions and aspects related to Cyber Security and specify the important factors for the prevention of Cyber Attacks in maritime industry.
• Give an overview on the general procedure and various methods used by criminals to bypass your security measures.
• Provide an overview on general procedures and various methods used to conduct Cyber Risk Marine Assessment and Cyber Risk Analysis.

Learning Outcomes

• A trainee successfully completing this course will be able to:
• Address Cyber Security threats
• Prepare company's personnel for Cyber Security risks
• Demonstrate understanding on the importance of Cyber Security risk management in a shipping company
• Create an effective marine Cyber risk assessment and plan and follow risk assessment & analysis procedures

Who should attend?

Every employee who uses programs, devices, and network services within any size and type of a shipping company, port or port facility

Prerequisite skills & knowledge: Basic knowledge of ISO standards, ISM management systems and auditing process

Available in-house/distant learning? Yes

Created by: LiberoAssurance Continuous Professional Development Training Centre Level 1 – Accredited by Univab

PART A: Maritime Cyber Security Awareness

Introduction to Maritime Cyber Security

• What is Maritime Cyber Security?
• IT and OT systems
• IMO related Resolutions, Circulars and Guidelines
• Industry Guidance on Maritime Cyber Security

Cyber Security Risks

• ISM/ISPS – Identified Risks
• Company risk assessment procedure
• Third party risk assessments
• Risks related to Ship-Port interface
• Recent cyber security regulations
• Assessment of Identified Cyber Risks
  • Identify threats
  • Identify Vulnerabilities
  • Risk Calculation
  • Risk Mitigation (corrective/preventive measures)

Cyber Security Plan

• Incident Management?
• Emergency Preparation
• Steps for cyber security plan preparation
• Check your Cyber Security Status

PART B: Additional Annexes & Controls for consideration

Introduction to additional controls

• About ISO 27001:2013 - Annex A
• Scope of ISO 27701:2019
• Personally Identifiable Information (PII)

ISO 27701:2019 Annexes

• ISO 27701 Annex Summary
• Annex A: PIMS - specific reference control objectives and controls (PII Controllers)
• Annex B: PIIMS - specific reference control objectives and controls (PII Processors)
• Annex C: Mapping to ISO/IEC 29100
• Annex D: Mapping to the General Data Protection Regulation
• Annex E: Mapping to ISO/IEC 27018 and ISO/IEC 29151
• Annex F: How to apply ISO/IEC 27701 to ISO/IEC 27001 and ISO/IEC 27002

Practical Risk Proposal

Part C: Marine Management Systems Internal Auditor

Overview

• What is an Audit?
• Why Audit?
• Audit types
• Tips to trained internal auditor

Internal Audit

• Principles of auditing
• Scheduled and unscheduled Audits
• What to Audit – Technical Audit
• Steps involved in internal audit
• Scope of audit
• Frequency of audit
• Internal Audit process

Audit steps

• Performing audit activities
• Audit Plan
• Developing Checklists
• Opening Meeting
• Conducting the Audit
• Recording Results
• Non-Conformities & Non-Compliances
• Closing Meeting (s)
• Audit Report
• Audit Follow-up Activities

Audit programme

• Establishing the Audit programme objectives
• Identifying and evaluating audit programme risks
• Process flow for the management of an audit programme
• Managing an audit programme
• Audit programme Implementation

Audit Tips & Techniques

• Tips to trained internal auditor
• Question Technique
• Competence of the audit programme manager

Psychological factors during an audit

• Attitudes and relationships
• Obstacles & communication
• Space & Time issues
• Body language
• Cultural factors
• Principles of Listening & Auditing
• The Interview steps

Auditor's Performance

• Auditor’s Quality
• The Auditors conduct
• Auditor’s Code of Conduct
• Auditor Characteristics
• Auditor's personal behavior
• The Auditee’s conduct
• Audit team leader skills
• How to evaluate an Auditor
• Maintaining & Improving Auditor’s Competence
• Auditor’s Competence IACS/RO Guidance
• Auditor’s  Experience IACS/RO Guidance

Accreditation and Certification

• Accreditation & Certification Bodies
• Certification Process

References

Exam & Certification

• Exam on Maritime Cyber Security Internal Auditor
  
• “Maritime Cyber Security Internal Auditor” Certificate

Teaching Methods

• Detailed seminar presentations (available for download)
• No. of slides: 300
  

Resources

• Reading lists and resources available in presentations

Study time allocation

• Private study hours: 35
• Trainer contact hours: Availability and competence of instructors upon request
• Enrollment duration: 90 days (from the date of purchase)

Credits

• CPD Points: 35
  
• ECTS/ECVET Points: 1.2