Currently, information security is a constant concern for many institutions and countries that use computer resources for communication and to deliver services. For SCADA systems, the situation is no different. Taking this issue into account, and based on current technological development in the information security area, this research proposes a methodology to implement automation systems in water treatment plants, with an emphasis on security, and a focus on industrial systems that employ the ISA 99 automation safety standards. Additionally, an analysis and identification mechanism for malicious events is proposed, based on the understanding of the operational flow chart and the different stages involved in a typical water treatment plant. Accordingly, an evaluation of three real scenarios of the water treatment process is undertaken, with the aim of simulating criticality parameters identified in the operational flow chart and in the stages of water treatment plant, for which a scenario connected to PLC was developed, thus enabling the simulation of behavior and impacts, in addition to an event detector to analyze the results.