The GICSP certification from GIAC (Global Information Assurance Certification) focuses on the foundational knowledge of securing critical infrastructure assets, e.g. distributed control systems in the process control domain. The GICSP bridges IT, engineering and cyber security to achieve security for industrial control systems from design through retirement.
The GICSP certification is relatively new, and its specific combination of industrial cyber security topics makes it a valuable addition to the curriculum of participants. For experienced IT, engineering and cyber security professionals, it widens their knowledge and formally confirms their experience with the GICSP credential. For those new to this field, the GICSP certification provides good foundational knowledge of industrial cyber security to work with and build on.
The training program will consist of three editions:
- Fall 2023 Edition: 12 October to 14 December 2023
- Winter 2023 Edition: 30 November 2023 to 8 February 2024
- Spring 2024 Edition: 7 March to 16 May 2024
Program
The agenda of each session is as follows:
- 15:00 (CET) / 09:00 (EDT) – Training Part 1
- 16:30 (CET) / 10:30 (EDT) – Break
- 16:45 (CET) / 10:45 (EDT) – Training Part 2
- 18:00 (CET) / 12:00 (EDT) – Finish
The following topics will be covered:
- Access Management: Access control models, directory services and user access management.
- Architecture: Communication mediums and external network communications, field device architecture (e.g. relays, PLC, switch, process unit), industrial protocols (e.g. Modbus, Modbus TCP, DNP3, EtherNet/IP, OPC), network protocols (e.g. DNS, DHCP, TCP/IP), network segmentation (e.g. partitioning, segregation, zones and conduits, reference architectures, network devices and services, data diodes, DMZs), wireless security (e.g. Wi-Fi, wireless sensors, wireless gateways, controllers).
- Configuration/Change Management: Change management, baselines, equipment connections and configuration auditing, software updates, distribution and installation of patches, software reloads and firmware management.
- Cyber Security Essentials: Attacks and incidents (e.g. man in the middle, spoofing, social engineering, denial of service, denial of view, data manipulating, session hijacking, foreign software, unauthorized access), availability (e.g. health and safety, environmental, productivity), cryptographics (e.g. encryption, digital signatures, certificate management, PKI, public versus private key, hashing, key management, resource constraints), security tenets (e.g. CIA, non-repudiation, least privilege, separation of duties), threats (e.g. nation states, general criminals, inside and outside malicious attackers, hacktivists, inside non-malicious).
- Disaster Recovery and Business Continuity: System backup & restoration.
- Incident Management: Incident recognition and triage (e.g. log analysis/event correlation, anomalous behavior, intrusion detection, egress monitoring, IPS), incident remediation/recovery, and incident response (e.g. recording/reporting, forensic log analysis, containment, incident response team, root cause analysis, eradication/quarantine).
- Industrial Control Systems: Basic process control systems (e.g. RTU, PLC, DCS, SCADA, metering/telemetry, Ethernet I/O, buses, Purdue, ISA 95), safety and protection systems (e.g. SIS, EMS, leak detection, FGS, BMS, vibration monitoring).
- Modules’ and Elements’ Hardening: Application security (e.g. database security), embedded devices (e.g. PLCs, controllers, RTU, analyzers, meters, aggregators, security issues, default configurations), network security/hardening (e.g. switchport security), operating system security (e.g. Unix/Linux, Windows, least privilege security, virtualization), configuration and endpoint hardening (e.g. anti-malware implementation, updating, monitoring, and sanitization; endpoint protection including user workstations and mobile devices).
- Physical Security: Physical security.
- Security Assessments: Security testing tools (e.g. packet sniffer, port scanner, vulnerability scanner), device testing (e.g. communication robustness, fuzzing), risk assessments (e.g. risk, criticality, vulnerability, attack surface analysis, supply chain), penetration testing and exploitation, security assessments.
- Security Governance and Risk Management: Risk management (e.g. PHA/HAZOP usage, risk acceptance, risk/mitigation plan), security policies and procedures development (e.g. exceptions, exemptions, requirements, standards).
- Security Monitoring: Event, network, and security logging and monitoring, including archiving logs.
Event details
- Date: This training program will consist of three editions. On the registration form, you can choose the edition you wish to register for. The dates for each edition are as follows:
  - Fall 2023 Edition: Thu 12 October to Thu 14 December 2023
  - Winter 2023 Edition: Thu 30 November 2023 to Thu 8 February 2024 (except Thu 28 December 2023 – Holiday Season)
  - Spring 2024 Edition: Thu 7 March to Thu 16 May 2024 (except Thu 9 May 2024 – Ascension Day)
- Costs: The price of the CGI GICSP Certification Course / Fall 2023 Edition for external (non-CGI) participants is EUR 3,600.- (approx. USD 3,924.-), excluding 21% VAT. This price includes ten (10) three-hour course sessions conducted via virtual Microsoft Teams Meeting conference calls, and course materials (course slides, exam handout and sample questions).
  This price excludes the course book “Industrial Network Security – Second Edition” by Knapp & Langill (approx. EUR 50), and excludes the actual GIAC Registration and GICSP Certification Attempt (exam) costs, which amount to USD 949.- (approx. EUR 870.-).
- Location: Online: conducted via virtual Microsoft Teams Meeting conference