ICS Cyber Risk Assessment - Foundation (NCIIPC-QCI)
Please download and share the filled-out application form along with the required documents.
TUV SUD - Application Form IT ICS Cyber Security Professional
1) In the past few years, there has been an exponential growth in the use of IT and ICS for automating businesses and industrial processes, critical functions and operations, governance and electronic service delivery around the world, especially in India. The informational security requirements are very complex and is a constant struggle for organizations to meet their workforce requirements to design, implement, operate,
manage, protect and defend the complexity and interconnectivity of information technology, industrial control systems and networks. This has resulted in a huge demand on the human resource supply chain to create and sustain large pools of professionally competent IT and ICS cyber security personnel with certified knowledge, skills, and expertise.
2) CSEs and other organizations are dependent on cyber security specialists, whether they are own employees or from external parties like System Integrators, OEMs and consultancy providers. These specialists are required to handle threats and risks to their IT and ICS systems and networks, applications and data.
3) Cyber security professionals working with or providing services to CSEs are increasingly required to handle the convergence and integration of IT and ICS disciplines, each with its own objectives, bodies of knowledge, organizational cultures, and attitudes towards cyber security. Sectors that use ICS have specific processes and operational procedures mandated from health, safety, and environmental perspectives. Therefore, plugging identified gaps in information security quickly and seamlessly into these systems and
networks, requires a high degree of expertise in both IT and ICS. The CSEs also operate in an interconnected digital ecosystem that requires an understanding of the interdependencies within and across the sectors.
4) Cyber security is specialty domain in its own right, even though it is deeply embedded and integrated into the IT and ICS domains of all technology-enabled organizations and entities. However, the mechanisms for identifying and recognizing different competencies and expertise levels related to cyber security are somewhat disjointed and somewhat localised within the organizations themselves. Globally, many countries have addressed the standardization of cyber security competency profiles and associated capabilities.
5) The Certification Scheme for cyber security professionals is designed and developed to address the cyber security competency requirements of professionals in the Indian environment. Since the work roles and tasks in the Indian context are not yet standardized and remains local to each organization, the approach taken in the certification scheme is to define competency profiles for different cyber security domains that are based on a combination of knowledge, skills and expertise levels in distinct specialisation areas. Cyber security professionals are then certified for the competency profile as per ISO/IEC 17024:2012 framework that engages the certification of Persons.
6) A cyber security professional certified under the scheme can demonstrate his competency mentioned in the certificate after completing the due process of certifying the knowledge, skills and expertise of the ertified personnel in the respective cyber security domain.
7) An organization can classify its information security/ cyber security functions under different cyber security domains defined in the Scheme and use the associated competency profiles to ensure that the competencies of the workforce are aligned to the work roles and responsibilities of the different cyber security domains.
Foundation Module: ICS Cyber Risk Assessment
- Knowledge of techniques to perform cyber risk assessment in the ICS environment
- Knowledge of methods to identify ICS assets and categorise them based on risk criticality
- Knowledge of Risk analysis methodology
- Knowledge of methods to categorise risk and build risk matrix
- Knowledge of methods to document risk analysis results
- Knowledge of interconnectivity and communication paths of assets in the ICS environment
- Knowledge of processes of ICS systems in the organization
- Knowledge of cyber threat libraries and stages of cyberattacks
- Knowledge of elements of risk assessment and risks scenarios
Foundation level is for all cyber security professionals interested in obtaining Foundation level competency certification in ICS Cyber Risk Assessment (ICR) domain and Analyse & Investigate (AI) Cyber security Function.
Educational Qualification – NA
Total Experience - NA
Developand implement cyber risk assessment and mitigation strategies across thesystems’ life-cycle, taking into consideration the organization’s OTenvironment and external threats.
- Exam Duration: 60 mins
- Nos. of questions: 45
- Passing criteria: 70%
- Mode of examination: Online proctored.
- Certificates will be provided within 21 working days from the exam date to the candidates who pass.
Please refer to the following policies before appearing for the examination.
1. When can I get the certificate?
Foundation course of ICS Cyber Risk Assessment (ICR) certification will be issued within 21 working days from the examination date.
2. When can I get the training material and invite?
One day before the commencement of the training program.
3. How do I pay the fees for training and examination?
Online mode
4. What are the benefits of Foundation course of ICS Cyber Risk Assessment (ICR) certification
Get a Knowledge of techniques to perform cyber risk assessment in the ICS environment
Get a Knowledge of methods to identify ICS assets and categorise them based on risk criticality
Gain an understanding Knowledge of interconnectivity and communication paths of assets in the ICS environment
Understand the Knowledge of processes of ICS systems in the organization
5. Is there any refund policy for the paid fees?
Please refer to Cancellation and Refund policy page.