Governance, Risk and Compliance - Foundation (NCIIPC-QCI)
Please download and share the filled-out application form along with the required documents.
TUV SUD - Application Form IT ICS Cyber Security Professional
1) In the past few years, there has been exponential growth in the use of IT and ICS for automating businesses and industrial processes, critical functions and operations, governance and electronic service delivery around the world, especially in India. The information security requirements are very complex, and it is a constant struggle for organizations to meet their workforce requirements to design, implement, operate, manage, protect and defend the complexity and interconnectivity of information technology, industrial control systems and networks. This has resulted in a huge demand on the human resource supply chain to create and sustain large pools of professionally competent IT and ICS cyber security personnel with certified knowledge, skills, and expertise.
2) CSEs and other organizations are dependent on cyber security specialists, whether they are their own employees or from external parties like System Integrators, OEMs and consultancy providers. These specialists are required to handle threats and risks to their IT and ICS systems and networks, applications and data.
3) Cyber security professionals working with or providing services to CSEs are increasingly required to handle the convergence and integration of IT and ICS disciplines, each with its own objectives, bodies of knowledge, organizational cultures, and attitudes towards cyber security. Sectors that use ICS have specific processes and operational procedures mandated from health, safety, and environmental perspectives. Therefore, plugging identified gaps in information security quickly and seamlessly into these systems and networks requires a high degree of expertise in both IT and ICS. The CSEs also operate in an interconnected digital ecosystem that requires an understanding of the interdependencies within and across the sectors.
4) Cyber security is a specialty domain in its own right, even though it is deeply embedded and integrated into the IT and ICS domains of all technology-enabled organizations and entities. However, the mechanisms for identifying and recognizing different competencies and expertise levels related to cyber security are somewhat disjointed and somewhat localised within the organizations themselves. Globally, many countries have addressed the standardization of cyber security competency profiles and associated capabilities.
5) The Certification Scheme for cyber security professionals is designed and developed to address the cyber security competency requirements of professionals in the Indian environment. Since the work roles and tasks in the Indian context are not yet standardized and remain local to each organization, the approach taken in the certification scheme is to define competency profiles for different cyber security domains that are based on a combination of knowledge, skills and expertise levels in distinct specialisation areas. Cyber security professionals are then certified for the competency profile as per the ISO/IEC 17024:2012 framework, which addresses the certification of persons.
6) A cyber security professional certified under the scheme can demonstrate the competency mentioned in the certificate provided by a PrCB after completing the due process of certifying the knowledge, skills and expertise of the certified personnel in the respective cyber security domain.
7) An organization can classify its information security/ cyber security functions under different cyber security domains defined in the Scheme and use the associated competency profiles to ensure that the competencies of the workforce are aligned to the work roles and responsibilities of the different cyber security domains.
Foundation Module: Enterprise IT Governance, Risk and Compliance (KM-0601F)
- Knowledge of ISO 27001 (ISMS) family, ISO 27014 (ISMS) (governance).
- Knowledge of risk management frameworks (ISO 27005), requirements, its scoring, assessment methodologies, risk management and mitigation strategies, evaluation and validation.
- Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defence activities.
- Knowledge of legal rules of evidence and court procedure.
- Knowledge of organizational security policies, security authorisation and assessment processes.
- Knowledge of information technology (IT) risk management policies, requirements, and procedures.
- Knowledge of laws, policies, procedures, or governance relevant to cyber security for critical infrastructures.
- Skill in technical writing.
- Skill in using various open-source data collection tools.
- Skill in utilizing virtual collaborative workspaces and/or tools.
The Foundation level is for all cyber security professionals interested in obtaining Foundation level competency certification in the Governance, Risk and Compliance domain and the Govern and Administer (GA) cyber security function.
Educational Qualification – NA
Total Experience - NA
Conduct risk assessment to help identify cybersecurity risks and determine appropriate controls to ensure that IT and ICS systems perform within acceptable limits of risks. Monitor, track and manage risk mitigations and exceptions to ensure compliance with cyber security standards and policies.
- Exam Duration: 60 mins
- Nos. of questions: 45
- Passing criteria: 70%
- Mode of examination: Online proctored.
- Certificates will be provided within 21 working days from the exam date to the candidates who pass.
Please refer to the following policies before appearing for the examination.
1. When can I get the certificate?
Foundation course of Governance, Risk and Compliance (GRC) certification will be issued within 21 working days from the examination date.
2. When can I get the training material and invite?
One day before the commencement of the training program.
3. How do I pay the fees for training and examination?
Online mode
4. What are the benefits of the Foundation course of Governance, Risk and Compliance (GRC) certification?
- Get an introduction to the ISMS family, ISO 27014 (ISMS) (governance).
- Get an overview of assessment methodologies, risk management and mitigation strategies.
- Gain an understanding of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defence activities.
- Understand information technology (IT) risk management policies, requirements, and procedures.
5. Is there any refund policy for the paid fees?
Please refer to Cancellation and Refund policy page.