Aviation Cybersecurity Oversight
3-day course | Classroom & In-company delivery
4-day course | Virtual (5 hour daily sessions)
- ICAO TRAINAIR PLUS COURSE
- Interpret the 6 steps of the UK CAA’s Cybersecurity Oversight Process for Aviation
- Learn to conduct a critical systems scoping exercise
- Explore the synergies between SMS and SeMS
Next available course
| Start Date | Venue | Cost | Availability | Book |
|---|---|---|---|---|
| 18/09/2023 | Online | £1,092.00 | More than 5 places | Book |
Course overview
What is Cybersecurity Oversight?
Cybersecurity risk profiles are dynamic, meaning attackers are always looking to exploit vulnerabilities and can quickly develop new ways of breaching cyber defences. The aviation sector’s progressively interconnected systems require the sector to maintain an up-to-date awareness of both direct and indirect cybersecurity threats and hazards. The changing threat landscape therefore, encourages a proactive approach to cybersecurity and in response means aviation organisations need dynamic protection.
In line with ICAO’s Aviation Cybersecurity Strategy and the corresponding Cybersecurity Action Plan, ICAO is partnering with the UK’s Civil Aviation Authority (CAA) to address cybersecurity oversight.
The course builds on UK CAA’s experience in developing and implementing its cybersecurity oversight framework to ensure a proportionate and effective approach to cybersecurity oversight that enables aviation to manage their cybersecurity risks without compromising aviation safety, security, or resilience.
Course Overview
Aviation regulations increasingly include cybersecurity requirements and the aviation sector needs to demonstrate compliance with them. This ICAO TRAINAIR Plus course provides in-depth knowledge and insight into the cybersecurity regulations and how the oversight process developed by the UK CAA is one model that could be used to cover them.
The course provides practical examples and application of this material which can be taken away with you. This course is not a cybersecurity training course and will not provide general cybersecurity awareness or training.
Who should attend?
This course is suitable for individuals in any role responsible for managing or implementing cybersecurity / Information Security, Compliance Managers or other regulators implementing cybersecurity oversight.
Key topics
This training course will include the following topics:
- ICAO Annex 17
- Aviation Cybersecurity regulatory requirements and threat landscape
- Cybersecurity Oversight Process for Aviation (CAP1753)
- Cybersecurity Strategy
Course objectives
By the end of this course, learners will be able to:
- Describe the relevant aviation cybersecurity regulatory requirements applicable to the aviation sector internationally and nationally, as well as explain how Risk Based Oversight (RBO) and Performance Based Oversight (PBO) can be utilised.
- Understand and interpret the 6 steps that form the UK CAA’s Cybersecurity Oversight Process for Aviation (CAP1753), as one model for cybersecurity oversight.
- Understand the importance of identifying a scope and how to conduct a critical systems scoping exercise.
- Measure an organisation against the 14 principles of cybersecurity good practices, identify a variety of standards which are available to use (e.g., NIST, ISO27K standards), and understand how the UK’s Cyber Assessment Framework for Aviation could be used to support this.
- Prepare and consolidate the evidence required for a Cyber Audit and requirements around levels of assurance.
- Understand how to collate self-assessments, conduct audits and create Corrective Action Plans.
- Understand the synergies between Safety Management System (SMS) and Security Management System (SeMS), as well as the possible options for implementing an Information Security Management Framework using the documentation produced from self-assessment, audit, and corrective actions plans.
- Understand as a regulator or NAA, how to set a required level of cybersecurity and considerations on how to assess cybersecurity submissions from overseen entities.
Prerequisites
You should be a stakeholder for cybersecurity within your organisation, you might be responsible for cybersecurity or for its oversight.
Delivery Methods: Classroom and Virtual
This course can delivered virtually or in-company.
Browse the table below to select your preferred date, delivery method and location (classroom only). If you can not find your preferred form of delivery and date, please contact us.
Course type:
- Web = Virtual online delivery using WebEx video conferencing. We have applied a 5% discount to all our virtual course deliveries. Unless stated otherwise, our virtual courses are streamed live, starting at 09:00 am (UK time).
- Class = A face-to-face classroom course delivered in the location listed in the “venue” column. In light of COVID-19, please check your eligibility and our COVID-19 measures.
Review of course
Related courses
In-company delivery?
We can also tailor this training courses to suit an organisation’s individual training requirements. These bespoke training packages can be delivered in the UK or at a client’s international location. Contact us for more information.
| Course Type | Course Name | Start Date | End Date | Venue | Cost | Availability | Book |
|---|---|---|---|---|---|---|---|
| Web | Aviation Cybersecurity Oversight (Virtual) | 18/09/2023 | 21/09/2023 | Online | £1,092.00 | More than 5 places | Book |
Meet our instructors: ICAO Aviation Cybersecurity Strategy
Sabrina Brookfield
Sabrina Brookfield
Cyber Security Oversight in Aviation
Sabrina is the Policy Lead for Cyber Security in the UK CAA. She is responsible for cyber aviation policy feeding into regulatory cyber security oversight in the UK, ensuring there is a proportionate and effective approach that enables aviation to manage cyber security risks without compromising aviation safety, security or resilience. Sabrina has previously worked in the finance sector in various roles such as risk, threat intelligence and liaison officer. She holds CISSP (Certified Information Systems Security Professional) and ISO27001 Lead Auditor. She also has a Bachelor of Science in Computer Science with Business.
