The GICSP certification from GIAC (Global Information Assurance Certification) focuses on the foundational knowledge of securing critical infrastructure assets, e.g. distributed control systems in the process control domain. The GICSP bridges IT, engineering and cyber security to achieve security for industrial control systems from design through retirement.

The GICSP certification is relatively new, and its specific combination of industrial cyber security topics makes it a valuable addition to the curriculum of participants. For experienced IT, engineering and cyber security professionals, it widens their knowledge and formally confirms their experience with the GICSP credential. For those new to this field, the GICSP certification provides good foundational knowledge of industrial cyber security to work with and from.

The training program will take place from 17 October to 19 December 2024.

Program

The agenda of each session is as follows:

  • 15:00 (CET) / 09:00 (EDT) – Training Part 1
  • 16:30 (CET) / 10:30 (EDT) – Break
  • 16:45 (CET) / 10:45 (EDT) – Training Part 2
  • 18:00 (CET) / 12:00 (EDT) – Finish

The following topics will be covered:

Access Management

Access control models, directory services and user access management.

Architecture

Communication mediums and external network communications, field device architecture (e.g. relays, PLC, switch, process unit), industrial protocols (e.g. Modbus, Modbus TCP, DNP3, EtherNet/IP, OPC), network protocols (e.g. DNS, DHCP, TCP/IP), network segmentation (e.g. partitioning, segregation, zones and conduits, reference architectures, network devices and services, data diodes, DMZs), wireless security (e.g. Wi-Fi, wireless sensors, wireless gateways, controllers).

Configuration/Change Management

Change management, baselines, equipment connections, and configuration auditing, software updates, distribution and installation of patches, software reloads and firmware management.

Cyber Security Essentials

Attacks and incidents (e.g. man in the middle, spoofing, social engineering, denial of service, denial of view, data manipulation, session hijacking, foreign software, unauthorized access), availability (e.g. health and safety, environmental, productivity), cryptography (e.g. encryption, digital signatures, certificate management, PKI, public versus private key, hashing, key management, resource constraints), security tenets (e.g. CIA, non-repudiation, least privilege, separation of duties), threats (e.g. nation states, general criminals, inside and outside malicious attackers, hacktivists, inside non-malicious).

Disaster Recovery and Business Continuity

System backup & restoration.

Incident Management

Incident recognition and triage (e.g. log analysis/event correlation, anomalous behavior, intrusion detection, egress monitoring, IPS), incident remediation/recovery, and incident response (e.g. recording/reporting, forensic log analysis, containment, incident response team, root cause analysis, eradication/quarantine).

Industrial Control Systems

Basic process control systems (e.g. RTU, PLC, DCS, SCADA, metering/telemetry, Ethernet I/O, buses, Purdue, ISA 95), safety and protection systems (e.g. SIS, EMS, leak detection, FGS, BMS, vibration monitoring).

Modules' and Elements' Hardening

Application security (e.g. database security), embedded devices (e.g. PLCs, controllers, RTU, analyzers, meters, aggregators, security issues, default configurations), network security/hardening (e.g. switchport security), operating system security (e.g. Unix/Linux, Windows, least privilege security, virtualization), configuration and endpoint hardening (e.g. anti-malware implementation, updating, monitoring, and sanitization; endpoint protection including user workstations and mobile devices).

Physical Security

Physical security.

Security Assessments

Security testing tools (e.g. packet sniffer, port scanner, vulnerability scanner), device testing (e.g. communication robustness, fuzzing), risk assessments (e.g. risk, criticality, vulnerability, attack surface analysis, supply chain), penetration testing and exploitation, security assessments.

Security Governance and Risk Management

Risk management (e.g. PHA/HAZOP usage, risk acceptance, risk/mitigation plan), security policies and procedures development (e.g. exceptions, exemptions, requirements, standards).

Security Monitoring

Event, network, and security logging and monitoring, including archiving logs.

Event details

Date

This training program will be conducted during ten (10) weekly three-hour Thursday sessions from Thursday 17 October to Thursday 19 December 2024, via Microsoft Teams Meeting conference.

Costs

The price of the CGI GICSP Certification Course / Fall 2024 Edition for external (non-CGI) participants is EUR 3,600.- (approx. USD 3,924.-), excluding 21% VAT. This price includes ten (10) three-hour course sessions conducted via virtual Microsoft Teams Meeting conference calls, and course materials (course slides, exam handout and sample questions).

This price excludes the course book “Industrial Network Security – Third Edition” by Knapp & Langill (approx. EUR 50), and excludes the actual GIAC Registration and GICSP Certification Attempt (exam) costs, which amount to USD 949.- (approx. EUR 870.-).

Location

Online: conducted via virtual Microsoft Teams Meeting conference

Register

CGI takes its responsibility with regard to privacy very seriously. Read more about this in our Website Privacy Policy.