Workshop: CySec in Public Transport

In collaboration with our partner Compass Security, we are pleased to offer you a workshop in which we enable you to implement security policies through an Information Security Management System (ISMS) and understand their impact on operations and processes. In addition, we provide the necessary domain knowledge to implement cybersecurity measures in the areas of systems, networks and applications.
Note: The workshop will be held in German.

Cybersecurity in public transport – need for action and possible solutions

Cybersecurity is becoming increasingly important in public transport. The integrity and availability of data are crucial for smooth operations. Railway companies and infrastructure managers must therefore take measures to protect facilities, systems and vehicles containing information technology systems from unauthorised access and to meet today’s requirements. This requires a clear allocation of responsibilities in the area of cyber security, regular security audits and risk-based measures to ensure adequate information security.


  • Processes
    Information Security Management System (ISMS) | Security Monitoring | Supplier Management | Dealing with Cloud Service Providers | Business Continuity Management | Employee Management | Asset Management | Roles and Responsibilities | Data Protection and Privacy | Access Control
  • Innovation and Change Management
    IT and OT requirements | Cloud development environment (test data) | CI/CD pipelines (automated software delivery process) | Application security testing (DAST/SAST) | Security audits and CISO approval | Deployment of cryptographic proceduressatz kryptographische Verfahren
  • Operation of systems and network
    Availability | Identity Management/Authentication | Segmentation/Zoning | Configuration and Change Management | Remote Working | Vulnerability Management | Asset Management | Installing Software on OT Systems | System Integrity | Endpoint and OT Device Protection | Monitoring and Security Alerts | Incident Management | Tamper Resistance (Physical Protection) | Penetration Testing

Demonstrations and practical examples are used to illustrate theoretical concepts. Participants are actively involved in workshops to develop and implement content based on business scenarios.

Course preparation

A questionnaire on the topic of “Cybersecurity in the company” forms the basis for the workshops and mutual exchange. The time required for this is about 2 to 3 hours.


Basic ICT knowledge

Target group

Project managers and engineers from the public transport sector who deal with the topic of cybersecurity (CySec Rail).

Duration and effort

The course comprises two days, which take place at intervals of two weeks. Between the course days, participants are given an assignment where they bring in the situation in their own company. This is dealt with on the second day of the course. The time required for preparation is around 1 to 2 hours.

Teaching methods

  • Fact-based presentations with storytelling elements
  • Edutainment
  • Demonstrations
  • Workshops
  • Cliffhanger task (preparation for day 2)


  • Beat Stettler, Managing Director, onway ag
  • Ivan Bütler, Cyber Security Specialist, Compass Security AG


CHF 2450, including course material, lunch and refreshments during breaks.

Venue and times

The course will take place at Compass Security AG on Josefstrasse in Zurich, from 9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m. each day.


Tuesday, September 17, 2024 and Tuesday, October 1, 2024

Further workshops

Practical and hands-on workshop. To be held in autumn 2024. Content and dates will follow soon.


For workshop registration, please fill out the following form. You will receive a confirmation of receipt after sending it in. We will send you a confirmation of registration within two weeks. The invitation to the workshop will be sent out approximately two weeks before the workshop takes place.