Global Industrial Cyber Security Professional (GICSP)

This 5-day training teaches you how to combine IT, cyber security and engineering best practices to secure your Industrial Control Systems (ICS). You will be prepared for the Global Industrial Cyber Security Professional (GICSP) certificate of GIAC

Global Industrial Cyber Security Professional (GICSP) - mode of study

  • Option 1: 5-day public training in London or 's-Hertogenbosch
  • Option 2: In-company training


Global Industrial Cyber Security Professional (GICSP) - a unique and vendor-neutral ICS security certification

GICSP (Global Industrial Cyber Security Professional) is the newest certification in the GIAC family and focuses on the essential knowledge of securing critical infrastructure assets. GICSP is the only certification in the world that explicitly focuses on the cyber security aspects of Industrial Control Systems (ICS). GICSP is a certification for engineers, ICS security professionals and ICS technology specialists.

 

This unique, vendor-neutral, practitioner-focused Industrial Control System (ICS) security certification is a collaborative effort between GIAC and representatives from a global industry consortium involving organisations that design, deploy, operate and/or maintain industrial automation and control system infrastructure. The consortium of organisations collaboratively established an open Body of Knowledge of Industrial Control Systems (ICS) security, which lays the foundations for the certification framework and associated competency training program.


Global Industrial Cyber Security Professional (GICSP) - why this training and certification?

Numerous incidents have shown that Industrial Automation and Control Systems (IACS) could be vulnerable to cyber attacks and that such attacks can lead to disruption of physical systems and networks. This makes security for IACS an important part of Critical Information Infrastructure Protection (CIIP). This GICSP training is a great introduction to the IACS landscape and associated security concerns.

There is a skills gap with regard to industrial control system personnel, whether it be cyber security skills for engineers or principles for cyber security experts. The training provides you with the essentials for concluding cyber security work in industrial control system environments. This 5-day Global Industrial Cyber Security Professional (GICSP) training teaches you how to combine IT, cyber security and engineering best practices to secure your Industrial Control Systems (ICS).

When you have completed this GICSP (Global Industrial Cyber Security Professional) training you will have developed an appreciation, understanding and common language that will enable you to work together with your colleagues to secure your Industrial Control System (ICS) environments.

 

Global Industrial Cyber Security Professional (GICSP) - what will you learn?

The 5-day GICSP training provides the opportunity to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defences. The training is designed in such a way that you will leave with newly gained knowledge, tools and techniques you can put to work immediately in your daily practice. This highly topical Industrial Cyber Security Professional training will provide you with:

  • knowledge about standards and regulations for Industrial Control Systems (ICS);
  • understanding of the threats to the security of process control systems;
  • understanding of the technologies used to carry out security audits;
  • understanding of industrial control system components, purposes, deployments, significant drivers and constraints;
  • hands-on lab learning experiences to control system attack surfaces, methods and tools;
  • control system approaches to system and network defence architectures and techniques;
  • knowledge of how to harden an Industrial Control System (ICS) using end-point protection, securing memorable data or updating systems;
  • incident-response skills in control system environments; and
  • governance models and resources for Industrial Cyber Security Professionals.

 

Global Industrial Cyber Security Professional (GICSP) - who should attend?

GICSP provides a set of standardized skills and knowledge for Industrial Cyber Security Professionals. The GICSP training is designed to ensure that the workforce involved in supporting and defending Industrial Control Systems (ICS) is trained to keep the operational environment safe, secure and resilient against current and emerging cyber threats.


The GICSP training is designed for the range of individuals who work in, interact with, or can affect industrial control system environments, including asset owners, vendors, integrators and other third parties. The GICSP training brings together control system engineers, IT security professionals, program managers, process control engineers, process control network cyber security engineers, principal security architects, ICS/SCADA security consultants, heads of process control security, directors of reliability & security, senior security engineers, directors of technology, critical infrastructure protection specialists from asset owners and operators along with governmental and research leaders.

     

Do you prefer an in-house Global Industrial Cyber Security Professional (GICSP) training?

With at least 5 delegates an in-house training to become a Global Industrial Cyber Security Professional (GICSP) could be your best choice. Are you interested? Please call us at +31 (0)40 246 02 20 or send an e-mail to info@imfacademy.com to discuss the possibilities.

Global Industrial Cyber Security Professional (GICSP) - what is it?

  • The GICSP is a new certification that focuses on the essential knowledge for professionals securing industrial technology.
  • The GICSP has been developed for engineers, control system support and security professionals who work in environments addressed by commonly accepted standards related to control system and automation security, including ISA-99/IEC 62443.
  • Holders of the GICSP certificate will demonstrate a globally recognized level of competence that defines the architecture, design, management, risk and controls that assure the security of critical infrastructure.
  • The GICSP is the bridge to bring together IT, engineering and cyber security professionals to achieve security for ICS from design inception to product retirement.
  • The certification establishes a base level of knowledge and understanding for the diverse set of professionals who engineer, operate, secure or support control systems and share responsibility for the security of these environments.
  • This certification is applicable to control system owners/operators across all sectors, ICS vendors, integrators and support organisations and professionals that have access to production industrial control systems from nuclear power plant systems to building automation.
  • The GICSP is expected to be globally adopted as a gateway certification for critical infrastructure industrial control system professionals.

 

About GIAC (Global Information Assurance Certification) institute

GIAC is an independent information security certification entity founded by SANS institute. GIAC is the leader in information security certifications, cyber security, IT security and forensics & penetration testing certification. GIAC has granted over 60,000 certifications to validate the skills and knowledge of information security professionals. The SANS institute is a private U.S. company that specializes in information security and cyber security trainings.


Global Industrial Cyber Security Professional (GICSP) - certification objectives

The certification objectives for the GIAC Global Industrial Cyber Security Professional (GIAC) training are:

ICS Architecture

  • Communication medium
  • Defense in depth
  • External network communications
  • Field device architecture
  • Industrial protocols
  • Network protocols
  • Network segmentation
  • Wireless security


ICS Security Assessments

  • Device testing
  • Penetration testing and exploitation
  • Security assessments
  • Security tools


ICS Security Monitoring

  • Archiving
  • Event monitoring and logging
  • Network monitoring and logging
  • Security monitoring and logging


Configuration/Change Management

  • Change management, baselines, equipment connections and auditing
  • Distribution and installation of patches
  • Software reloads and firmware management


Disaster Recovery and Business Continuity

  • System backup
  • System restoration


Incident Management

  • Incident recognition and triage
  • Incident remediation/recovery
  • Incident response


ICS Security Governance and Risk Management


Physical Security

  • Knowledge of physical security


Industrial Automation & Control Systems (IACS)

  • Basic process control systems
  • Critical infrastructure sector
  • Safety and protection systems


ICS Modules and Elements Hardening

  • Anti-malware implementation, updating, monitoring and sanitiza
  • Application security
  • Embedded services
  • End-point protection including user workstations and mobile devices
  • Network security/hardening
  • OS security
  • Removable media


Cyber Security Essentials for ICS

  • Attacks and incidents
  • Availability
  • Cryptographics
  • Securing awareness programs
  • Security tenets
  • Threats


Access Management


Global Industrial Cyber Security Professional (GICSP) - course material

The 5-day GICSP training consists of theory, practical examples and instructional hands-on sessions. You will also take part in a series of practical exercises to consolidate your knowledge of using both wired and wireless networks. The lab sessions are designed to allow you to utilize the knowledge gained throughout the training in an instructor-led environment. You will receive the official courseware, which can also be used as post-course resources. A laptop is required.


Global Industrial Cyber Security Professional (GICSP) - examination highlights

The exam to become a Global Industrial Cyber Security Professional (GICSP) consists of 115 (100 scored/15 non-scored) beta questions. The exam takes 3 hours. The minimum passing score is 69%. Test delivery is computer based and proctored by Pearson Vue at over 4,000 global testing centers. The GICSP certification is valid for 4 years. Continuing professional education requirements are consistent with GIAC standards.


Global Industrial Cyber Security Professional (GICSP) - prerequisites

In order to be successful in this training, you will need a good understanding of basic computer networking and security principles. You will also need to be familiar with networking protocols and ideally have a CompTIA Nework+ certification.


Global Industrial Cyber Security Professional (GICSP) - limited number of participants

Due to the interactive character of this training and to optimise the benefits the participants derive from the various exercises, the number of participants is limited.

Global Industrial Cyber Security Professional (GICSP) - training programme


Introduction

  • Overview
  • Knowledge of critical infrastructure


Governance & Risk Management

  • Global security standards
  • Practices and regulations
  • Security lifecycle
  • Security policies


Security Essentials

  • Types of threat
  • Attacks and incidents


System security

  • Tenets of security
  • Security awareness
  • Physical security
  • Crytography


ICS Architecture

  • Communication mediums
  • Device architecture
  • Process control systems
  • Industrial protocols
  • Network protocols
  • Network segmentation
  • Wireless security


Hardening ICS

  • Updating systems
  • Application security
  • Embedded devices
  • End-point protection
  • Hardening network security
  • Operating system security
  • Securing removable media


Access controls

  • Access control model
  • Directory service
  • User access management


Change Management

  • Baselines and auditing
  • Patch distribution and installation
  • Software and firmware management


Incident Management

  • Recognition and response
  • Incident recovery


Business Continuity

  • Defense in depth
  • High availability
  • Site redundancy
  • System backups and restores


System Auditing

  • Security assessments
  • Device testing
  • Monitoring and logging
  • Penetration testing and exploitation


The trainer of the Global Industrial Cyber Security Professional (GICSP) training, is a very experienced GIAC/SANS certified instructor.

The Global Industrial Cyber Security Professional (GICSP) training consists of 5 days. The training will take place in various locations in and around the Netherlands


Global Industrial Cyber Security Professional (GICSP) - training I

  • 9 - 13 October 2017 ('s-Hertogenbosch, The Netherlands)
The fee for the Global Industrial Cyber Security Professional (GICSP) training is € 5,700 (VAT excl.) per person. The fee includes accommodation, dinners, lunches, coffee, tea, course materials, hands-on sessions and the GICSP exam.

*USD price is an approximate value. The actual USD price is based on the invoice date's exchange rate.