Cyber HAZOP Analysis

COURSE 3 – Training in english

Course Summary

  • The course is based on examples and real practical exercises on cybersecurity risk analysis methodologies (Cyber-HAZOP, Cyber-LOPA).
  • Based on HAZOP-LOPA analysis, cyber-risk analyses are developed following a similar methodology Cyber HAZOP-LOPA.
  • An Excel-based tool is used to complete the examples and exercises in the course.
  • The methodologies explained are based on the ISA document TR84.00.09-2017 and the Standards IEC62443 and IEC61511 / 61508.

Clause 11.2.12 of IEC 61511:2016:

“The design of the SIS shall be such that it provides the necessary resilience against the identified security risks (see 8.2.4).
Note: Guidance related to SIS security is provided in ISA TR84.00.09 and IEC 62443-2-1:2010”.

Course registration

  • Virtual instructor-led training (VILT) for a maximum of 10 participants.
  • The duration of the course is 8 hours, distributed in 3 online sessions with MS-Teams (2.5h+3h+2.5h.).
  • Date of the next course to be defined. Pre-registration open at
  • Course fee: 480 € /participant (380 € for 2 or more participants from the same company).

Note: For payments by bank transfer please contact us to request the invoice with bank details.

Summary of course contents:

Module 1: Risk Concepts

  • How risk is quantified.
  • Examples in “safety” and “security”.
  • Risk Gap, Tolerable Risk, Layers of protection.
  • The Risk Matrix for safety.
  • The Risk Matrix for security.

Approx. duration: 60 minutes

Module 2: IEC62443 vs IEC61511

  • Similarities in life cycle.
  • Concepts: SIF, SIL, SIS, SL.
  • IEC62443: High-level analysis, detailed analysis, Zones and Conduits.
  • Vulnerabilities: Assessment, public databases, examples, etc.
  • Threats: Sources, attack vectors, etc.

Approx. duration: 90 minutes

Module 3: Methodologies

  • Explanation of the Excel tool of the course.
  • Basic example of HAZOP and LOPA (for non-HAZOP experts).
  • Cybersecurity Risk Analysis: Methodologies proposed in ISA TR84.00.09, consequence-driven method (SPR), assessment with probability, advantages and limitations of each method, examples.

Approx. duration: 90 minutes

Module 4: Practical examples

  • Explanation of the case study (industrial process).
  • Result of HAZOP/LOPA with Excel tool.
  • High level Cyber HAZOP: a)Advantages of SPR method; b)Use of probability; c)Calculation of required SL; d)Non-hackable layers; e)Examples of the impact of changing the risk matrix and how to calculate probability.
  • Cyber LOPA: Calculation of CRRF and required SL and other considerations.

Approx. duration: 90 minutes

Module 5: Practical Exercise

  • Explanation of the case study.
  • Assignment of parts of the exercise to course participants.
  • Sharing of the CyberHAZOP-CyberLOPA results.

Approx. duration: 90 minutes.

Module 6: Verification of the SL

  • IEC 62443 requirements (foundational and system requirements).
  • Example of a detailed Cyber Risk Analysis.
  • Examples of Security Level verification.

Approx. duration: 60 minutes

Who is the course for?

The course is especially aimed at HAZOP-LOPA technicians in the process industry due to the need to incorporate the cybersecurity analysis required in IEC 61511 (clauses 8.2.4 and 11.2.12). No knowledge of cybersecurity is required. The course is also of interest to cybersecurity technicians from the IT world who will be involved in cybersecurity risk analysis in the OT world.

Course documentation

  • PDF files of the contents.
  • Excel tool for HAZOP-LOPA- Cyber-HAZOP/LOPA (read more).
  • Course certificate.