Global Industrial Cyber Security Professional (GICSP) Certification Course

Communication mediums and external network communications, field device architecture (e.g. relays, PLC, switch, process unit), industrial protocols (e.g. modbus, modbus TCP, DNP3, Ethernet/IP, OPC), network protocols (e.g. DNS, DHCP, TCP/IP), network segmentation (e.g. partitioning, segregation, zones and conduits, reference architectures, network devices and services, data diodes, DMZs), wireless security (e.g. WIFI, wireless sensors, wireless gateways, controllers).

Change management, baselines, equipment connections, and configuration auditing, software updates, distribution and installation of patches, software reloads and firmware management.

attacks and incidents (e.g. man in the middle, spoofing, social engineering, denial of service, denial of view, data manipulating, session hijacking, foreign software, unauthorized access), availability (e.g. health and safety, environmental, productivity), cryptographics (e.g. encryption, digital signatures, certificate management, PKI, public versus private key, hashing, key management, resource constraints), security tenets (e.g. CIA, non-repudiation, least privilege, separation of duties), threats (e.g. nation states, general criminals, inside and outside malicious attackers, hacktivists, inside non-malicious).

System backup & restoration.

Incident recognition and triage (e.g. log analysis/event correlation, anomalous behavior, intrusion detection, egress monitoring, IPS), incident remediation/recovery, and incident response (e.g. recording/reporting, forensic log analysis, containment, incident response team, root cause analysis, eradication/quarantine).

Application security (e.g. database security), embedded devices (e.g. PLCs, controllers, RTU, analyzers, meters, aggregators, security issues, default configurations), network security/hardening (e.g. switchport security), operating system security (e.g. unix/linux, windows, least privilege security, virtualization), configuration and endpoint hardening (e.g. anti-malware implementation, updating, monitoring, and sanitization. end point protection including user workstations and mobile devices).

Physical security.

Security testing tools (e.g. packet sniffer, port scanner, vulnerability scanner), device testing (e.g. communication robustness, fuzzing), risk assessments (e.g. risk, criticality, vulnerability, attack surface analysis, supply chain), penetration testing and exploitation, security assessments.

Risk management (e.g. PHA/hazop usage, risk acceptance, risk/mitigation plan), security policies and procedures development (e.g. exceptions, exemptions, requirements, standards).

Event, network, and security logging and monitoring, including archiving logs.