ICS Cyber Security - Foundation (NCIIPC-QCI)
Please download and share the filled-out application form along with the required documents.
TUV SUD - Application Form IT ICS Cyber Security Professional
1) In the past few years, there has been an exponential growth in the use of IT and ICS for automating businesses and industrial processes, critical functions and operations, governance and electronic service delivery around the world, especially in India. The informational security requirements are very complex and is a constant struggle for organizations to meet their workforce requirements to design, implement, operate,
manage, protect and defend the complexity and interconnectivity of information technology, industrial control systems and networks. This has resulted in a huge demand on the human resource supply chain to create and sustain large pools of professionally competent IT and ICS cyber security personnel with certified knowledge, skills, and expertise.
2) CSEs and other organizations are dependent on cyber security specialists, whether they are own employees or from external parties like System Integrators, OEMs and consultancy providers. These specialists are required to handle threats and risks to their IT and ICS systems and networks, applications and data.
3) Cyber security professionals working with or providing services to CSEs are increasingly required to handle the convergence and integration of IT and ICS disciplines, each with its own objectives, bodies of knowledge, organizational cultures, and attitudes towards cyber security. Sectors that use ICS have specific processes and operational procedures mandated from health, safety, and environmental perspectives. Therefore, plugging identified gaps in information security quickly and seamlessly into these systems and
networks, requires a high degree of expertise in both IT and ICS. The CSEs also operate in an interconnected digital ecosystem that requires an understanding of the interdependencies within and across the sectors.
4) Cyber security is specialty domain in its own right, even though it is deeply embedded and integrated into the IT and ICS domains of all technology-enabled organizations and entities. However, the mechanisms for identifying and recognizing different competencies and expertise levels related to cyber security are somewhat disjointed and somewhat localised within the organizations themselves. Globally, many countries have addressed the standardization of cyber security competency profiles and associated capabilities.
5) The Certification Scheme for cyber security professionals is designed and developed to address the cyber security competency requirements of professionals in the Indian environment. Since the work roles and tasks in the Indian context are not yet standardized and remains local to each organization, the approach taken in the certification scheme is to define competency profiles for different cyber security domains that are based on a combination of knowledge, skills and expertise levels in distinct specialisation areas. Cyber security professionals are then certified for the competency profile as per ISO/IEC 17024:2012 framework that engages the certification of Persons.
6) A cyber security professional certified under the scheme can demonstrate his competency mentioned in the certificate after completing the due process of certifying the knowledge, skills and expertise of the ertified personnel in the respective cyber security domain.
7) An organization can classify its information security/ cyber security functions under different cyber security domains defined in the Scheme and use the associated competency profiles to ensure that the competencies of the workforce are aligned to the work roles and responsibilities of the different cyber security domains.
Foundation Module: ICS Cyber Security
- Knowledge of basics of ICS cyber risk analysis, its methodologies, categorising risk and building risk matrix
- Knowledge of concepts of ICS security including functionality, foundation requirements, defence of depth, security zones, conduits, channels and security levels, asset models, reference architecture.
- Knowledge of improving and maintaining the cyber security posture of the ICS system.
- Knowledge of methods to identify ICS assets and categorise them based on risk criticality
- Knowledge of interconnectivity and communication paths of assets in the ICS environment
- Knowledge of processes of ICS systems in the organization, cyber threat libraries and stages of cyberattacks
- Knowledge of monitoring, reviewing and executing operational requirements to ensure the integrity of ICS network infrastructure
- Knowledge of security requirements of the organization and security environment
- Knowledge of Virtual Private Network (VPN) - types, functions and operation, limitations, bandwidth and dynamics.
- Knowledge of configuration of routers and switches and ICS security system components
- Knowledge of network protocols and operating systems with common specifications and designs for secure ICS systems
- Knowledge of security perimeters, functions, protocols, standards and data encryption along with security threats and vulnerabilities facing ICS systems
- Knowledge of elements, objectives and purpose of security controls in ICS environment
- Knowledge of types of models for OT security {such as Incorporation of Purdue Model for ICS Security (PERA)}
- Knowledge of analysis and verification process, tools and techniques for testing effectiveness of patches
- Knowledge of internal guidelines for managing vulnerability and patch deployment, validation and user- access
- Knowledge of types of system conflicts created when implementing external vendor patches and resources
- Knowledge of purposes of ICS systems and their dependencies on network
- Knowledge of ICS network performance indicators and methods to afssess them
- Knowledge of detection, identification, isolation and limitation techniques of network faults and failures in the ICS environment
- Knowledge of resolution techniques for a range of different network issues in the ICS environment
- Knowledge of critical information to be communicated to the organization regarding network updates ICS network visualization and modelling
- Knowledge of Impact of network performance on ICS operations
- Knowledge of best practices in network administration and maintenance in the ICS environment
- Knowledge of priorities, audience and dependencies with regards to communicating network updates in the ICS environment
- Knowledge of relevant programming languages for applications
- Foundation level is for all cyber security professionals interested in obtaining Foundation level competency certification in ICS Cyber Security domain.
Educational Qualification – NA
Total Experience - NA
- Operate,administer the day-to-day security aspects of ICS environment of organizations.
- Exam Duration: 60 mins
- Nos. of questions: 45
- Passing criteria: 70%
- Mode of examination: Online proctored.
- Certificates will be provided within 21 working days from the exam date to the candidates who pass.
Please refer to the following policies before appearing for the examination.
1. When can I get the certificate?
Foundation course ICS Cyber Security certification will be issued within 21 working days from the examination date.
2. When can I get the training material and invite?
One day before the commencement of the training program.
3. How do I pay the fees for training and examination?
Online mode
4. What are the benefits of Foundation course ICS Cyber Security certification
Get a Knowledge of basics of ICS cyber risk analysis, its methodologies, categorising risk and building risk matrix
Get a Knowledge of concepts of ICS security including functionality, foundation requirements, defence of depth, security zones, conduits, channels and security levels, asset models, reference architecture..
Gain an understanding Knowledge of Virtual Private Network (VPN) - types, functions and operation, limitations, bandwidth and dynamics..
Understand the Knowledge of purposes of ICS systems and their dependencies on network
Knowledge of resolution techniques for a range of different network issues in the ICS environment
Knowledge of Impact of network performance on ICS operations
5. Is there any refund policy for the paid fees?
Please refer to Cancellation and Refund policy page.