abhisam Industrial Cybersecurity

Certification Course

©2022. Abhisam Software. All rights reserved [email protected]

abhisam
Introduction

Industrial Cybersecurity Certification Course

Industrial Cybersecurity is all about
protecting Industrial Automation,
Control Systems, Safety Systems (IACS
for short) and other OT (Operational
Technology) systems against cyber
threats.
This Industrial Cybersecurity Course
from Abhisam helps engineers,
managers and technical professionals in
learning how to protect these systems
from cyber attacks.

On successfully completing this course, passing the associated exam and successfully submitting
the assignments, learners qualify as a CICP-Certified Industrial Cybersecurity Professional.

Why take this course

Every year, there are a large number of attacks on Industrial Control, Automation and Safety
Instrumented systems, as well as on other OT systems and the number keeps growing. Many of
these systems are legacy systems that were designed many years ago, when today ’s cyber threats
were not present. The consequences of attacks on unsecured Industrial systems and other critical
infrastructure related systems, can be very severe. This may result in not just loss of confidential
information, but also physical damage to assets, process upsets that may lead to fire, explosion,
possible loss of containment and /or injury to humans.

Why take this course from Abhisam

Abhisam is a global leader in technical e-learning and certification for engineers, technical
professionals and managers all over the world. Since 2003, Abhisam courses have been taken by
thousands of professionals, working for marquee corporations (including Fortune 500 companies)
and government authorities, as well as by individuals, consultants and universities/colleges.
In the year 2018, Abhisam introduced this Industrial Cybersecurity course, a complete e-learning
course, designed by experts in Industrial Cybersecurity, so that it becomes very easy to learn
everything that you need to know about this important subject. The course has animated
simulations, videos, interactive exercises and other material that make learning the subject, fun
and easy! Since then, the course has been updated several times and is frequently updated so that
it remains current.
Compared to courses from other providers, Abhisam courses have better content, but cost much
less and can be deployed to even thousands of learners, simultaneously, via the Abhisam Learning
Management System, or via your organization’s own SCORM or xAPI compliant LMS.

©2022. Abhisam Software. All rights reserved [email protected]

abhisam
Key Benefits of taking the Abhisam Industrial Cybersecurity Course

Industrial Cybersecurity Certification Course

• Covers everything that you need to know about ICS security and OT security
• No need to take multiple courses– just this one course covers almost everything related to ICS
security.
• Situational videos that make understanding easy.
• Easy to understand text, animations, simulations and graphics.
• Self Assessment Tests that helps you prepare for the final exam.
• Real Life Case Studies and examples.
• Covers key parts & aspects of the IEC 62443 standard.
• Earn the CICP certification at no additional cost. This is much more cost effective than other
certifications.

Enterprise Customer Review

“I am working in one of the world’s leading EPC company , engaged in the Cement and Mining
industry. We purchased the Abhisam ICS CYBER SECURITY TRAINING & CERTIFICATION e-learning
courses. I found this course to be very informative and easy to understand. I and my colleagues in
Denmark completed the course successfully and got the certificates and badges. I personally
recommend this course to whoever is interested to learn about Industrial Control System
Cybersecurity.

I wish success to the Abhisam team for their great work.”

D. Anbudurai, FLSmidth

DEMO

To view a demo of the course, please click the picture below. You must be online for this to work.
Please allow Autoplay in your browser if it does not load.

© 2022. Abhisam Software. All rights reserved [email protected]

abhisam
Complete Case Study

Industrial Cybersecurity Certification Course

Get a complete Case Study of an attack on a critically important manufacturing facility that resulted
in extensive damage to assets.

Representational Image

Abhisam Cybersecurity Thriller (Coming soon)

Participate in this simulated real life thriller that deals with attack/defense, of an Industrial
Control System at a manufacturing plant. This is a tabletop Red Team/Blue Team exercise that
you will enjoy. Watch the trailer below to know more. Click on the picture to view (will open in
your browser– you need to be online in order to view it). You can choose to participate in the
Red Team (Attackers) or the Blue Team (Defenders).

©2022. Abhisam Software. All rights reserved [email protected]

abhisam
Self Assessment Test

Industrial Cybersecurity Certification Course

Know your own understanding of the subject, via the included Self Assessment Test. This also
prepares you for the actual Certification Exam. Below is a screenshot of one of the questions from
the Self Assessment Test.

Low-res screen grab

Advanced Modules

Also get several advanced modules that include the MITRE ATT&CK® for ICS matrix model,
Honeypots, Shodan alternatives and more. The “Understanding IEC 62443-2-4” module is also
included in the Professional version of the course.

©2022. Abhisam Software. All rights reserved [email protected]

abhisam
COURSE CONTENTS
MODULE 1 - Overview of Industrial Automation & Control Systems (DCS / PLC / SCADA /SIS)

COURSE CONTENTS
• Introduction to Industrial Automation & • DCS as a group of controllers
Control Systems (IACS) • DCS Connection to field devices
• IACS Application Areas • Fieldbuses
• Cyber physical systems • MODBUS
• Evolution of IACS • Programmable Logic Controllers (PLC)
• Pneumatic Controllers • PLC HMI
• Single Loop Controller architecture • SCADA
• Control Rooms • PLC-SCADA
• Control Room & Field • Safety Instrumented Systems
• Analog Electronic Signals • SIS Cybersecurity
• Traditional Controls • Typical IACS Architecture
• Point to Point Architecture • Automation Hierarchy
• Direct Digital Control (DDC) to Distributed
Control Systems (DCS)

MODULE 2- Basic Concepts of Cybersecurity

• Cybersecurity Basics
• Cybersecurity Policy • Types of Trojans
• Authorized Access • Ransomware
• Unauthorized Access • Scareware
• Brute Force Attacks • Spyware
• Secure Communication • Command & Control
• Authentication • Firewalls
• Non Repudiation • Firewall Basic Working
• Encryption • Classes of Firewalls
• Public and Private Keys • Deep Packet Inspection Firewalls
• Locking and Unlocking • Intrusion Detection Systems (IDS)
• Public Key Cryptography- • Denial of Service
• Digital Signature • Distributed Denial of Service (DDoS)
• Defense in Depth • Telephonic Denial of Service (TDoS)
• Privileges • Penetration Testing
• Role of Malware • Backdoors
• Understanding malware delivery • Backdoor Examples
• Attack Surface • Demilitarized Zone
• Threats & Vulnerabilities • Privilege Escalation Vulnerability
• Viruses • Network Hardening
• Worms
• Trojans
©2022. Abhisam Software. All rights reserved [email protected]
abhisam
MODULE 3 - Threats to IACS

• Introduction • Fake Updates and Pirated Software

• Threats to IACS • USB Drives

COURSE CONTENTS
• IACS Threat Severity • Devices and Software with Vulnerabilities
• Vulnerability Causes • Buffer Overflow
• Increased Connectivity • SQL Injection
• Insecure by design • Advanced Persistent Threats (APT)
• Use of COTS • Port Scanning
• Shodan • Cross Site Scripting
• Skill Levels needed • Packet Sniffing
• Lack of awareness • Zero Day Exploits
• Predisposing Conditions • Exploit Markets
• Four Steps to an Attack • ICS Attack Categories
• Vectors • ICS Targeted attacks
• Phishing • Attack Sequence of Events
• Spear Phishing • Man in the middle attack
• Social Engineering • MITM in ICS
• Fake Profiles • Denial of Service
• Insecure Connections & Firewalls • Replay attack
• Malicious Websites • Spoofing
• Waterholing • Blended Attacks

MODULE 4 - ICS Cybersecurity Standards

Section 1 – Overview Section 2 – Foundational Requirements of IEC

• Overview of standards in ICS security 62443
• ISA 99 • Introduction
• Purdue Model • Foundational Requirements-1
• Purdue Model Architecture • Foundational Requirements-2
• ISA/ IEC 62443 Overview • FR-IAC
• IEC 62443 Organization-1 • FR-UC
• IEC 62443 Organization-2 • FR-SI
• IEC 62443 published parts • FR-DC
• System Under Consideration (SuC) • FR-TRE
• IEC 62443-1-1 Overview • FR-RA
• Concept of Zones & Conduits
• Zones Section 3 – Zone Partitioning Example
• Conduits • Introduction
• Security Levels (SL) • Example Intro- Chlorine Facility
• Example- IACS Zones & Conduits • Determining SLs
• Security Level Types • Target SLs
• Security Levels • Achieving the SL

©2022. Abhisam Software. All rights reserved [email protected]

abhisam
• Final architecture Section 6 – IEC 62443-4 (Contd)
• Next Steps • CSSC-2 Compensating Countermeasures
• CSSC-3 Principle of Least Privilege
Section 4 – IEC 62443-2 • CSSC-4 Design and support as per SDLC

COURSE CONTENTS
• Introduction • Self Assessment
• IEC 62443-2-1
• IEC 62443-2-3 Section 7 – Other Standards & Schemes
• IEC 62443-2-4 • Introduction
• Vendors & System Integrators • ISA Secure Scheme
• Relationships • ISO 31000
• Example– Simple • ISO 27000
• Example– Complex • IEC 61508 Functional Safety
• IEC 61508 Security Clauses
Section 5 – IEC 62443-3 • IEC 61511 Process industries Standard
• Introduction • IEC 61511– Security Clauses
• IEC 62443-3-1 • Cybersecurity - Safety Instrumented Systems
• IEC 62443-3-2
• The IEC 62443-3-2 Process MODULE 5 – IACS Risk Assessment
• IEC 62443-3-2 Process details
• IEC 62443-3-3 Overview • Introduction
• IEC 62443-3-3 Details • Risk Assessment Case Study
• Security Levels • Risk Assessment & Mitigation, Incident
• Mapping SLs to FRs Response
• Mapping FRs and REs to SLs • Non Safety Consequences
• Self Assessment • Risk Assessment Process
• Security Vulnerability Analysis
Section 6 – IEC 62443-4 • ICS Security Evaluation
• Introduction • Initial Risk Assessment
• IEC 62443-4-1 and IEC 62443-4-2 • Threat Assessment
• IEC 62443-4-1 • ICS Vulnerabiility Assessment
• Secure Product Development Lifecycle • Consequence Analysis
• IEC 62443-4-1 and 2-Applicability • Example Calculations
• Capability Maturity Model • Tolerable Risk
• SDLC Practices ( 1-8) • Modification-Small Site
• IEC 62443-4-2 • Modification-Medium Site
• Technical Security Requirements • Modification-Large Site
• Foundational Requirements revisited • Modification-Remote Site
• Component Requirements (CRs) • Seven Steps to be carried out
• CRs and REs • Secondary Risk Assessment
• Mapping CRs and REs to SLs • Periodic Assessment
• Common Component Security Constraints • Cyberattack Mitigation
• CSSC-1 Support of Essential Functions

©2022. Abhisam Software. All rights reserved [email protected]

abhisam
MODULE 6– IACS Cybersecurity Lifecycle

Section 1 to Section 10
This module has TEN sections that cover the following topics in detail:

COURSE CONTENTS
1. People, Policies, Procedures and Standards
2. Hazard and Risk Assessment
3. Asset Inventory
4. Training & Competency
5. Secure Architecture, Devices, Configuration, Software
6. Intrusion Detection & Prevention
7. Event Logging and Analysis
8. Incident Response
9. Backup & Restore
10. Patch Management & Testing

MODULE 7 – IACS Cybersecurity Case Study

In this module, study in detail the STUXNET cyber attack

MODULE 8– Self Assessment Test

In this module, take a Self Assessment Test to know how well you have understood the subject so
far.

ADVANCED MODULES

These Advanced Modules are in two parts, Advanced Module-1 and Advanced Module-2.

Advanced Module-1

• The Cyber Kill Chain Model

• MITRE ATT&CK for ICS Framework
• Honeypots for IACS
• Advanced SHODAN techniques and other methods using other tools

©2022. Abhisam Software. All rights reserved [email protected]

abhisam
ADVANCED MODULES (contd)

Advanced Module-2 is only in the Professional and Enterprise versions.

COURSE CONTENTS
Advanced Module-2
• Understanding and Complying with IEC 62443-2-4

• Supply Chain Cybersecurity for IACS & SBOMs (Coming Soon)

CICP EXAM

After completing the modules, you are eligible to take the CICP Exam. This is an online exam that
you can take anytime after course completion (but within 1 year of enrolment).

The exam will have questions drawn from a large database of questions, based on what you
learned in the course.

On passing, you earn the title of CICP – Certified Industrial Cybersecurity Professional.

©2022. Abhisam Software. All rights reserved [email protected]

abhisam
Get Certified. Earn Electronic Badges too! Display and Share them online.

Industrial Cybersecurity Certification Course

After you complete the course and pass the exam, you earn a title of CICP – Certified Industrial
Cybersecurity Professional with a certificate and an electronic badge, issued via Badgr, that you can
add to your LinkedIn profile or other places online. This enables you to show your credentials to
bosses, clients or potential customers.

Your badge and certification information will then appear under the Certifications section of your
LinkedIn profile. The title of the achievement, will link to a verification page where additional
information is available, including a longer description, evidence, the badge image and criteria for
the accomplishment, details about the issuer, and validation of the achievement's authenticity. Thus
your skill is easily verifiable by any third parties including clients, customers, employers and peers.

This is a great way to enhance your public profile regarding your skills and is available for all
learners. You can also add your Badge to the LinkedIn feed, where you can announce your
achievement to your LinkedIn connections.

Display your achievement badge to Facebook

Similarly you can post to Facebook and other social media platforms easily via Badgr.

Conformance to global standards- Mozilla Open Badge framework

Furthermore, Abhisam badges conform to the Mozilla Open Badge framework and can be easily
added to your Mozilla back pack.

Note: The Badgr, Linkedin, Facebook and Mozilla OpenBadges logos belong to the respective organizations

©2022. Abhisam Software. All rights reserved [email protected]

abhisam
VERSIONS

Industrial Cybersecurity Certification Course

The Industrial Cybersecurity e-learning course is available in three versions as outlined below.

Standard Version
The Standard version has all the modules, including the Advanced Module-1 and comes with 1 year
online access to the course, accessible from any smart device. It also includes the CICP certification .
It does not include the Advanced Module-2.

Professional Version
The Professional version has everything in the Standard version plus access to the course for 3 years,
and also includes the Advanced Module-2 that includes the “Understanding IEC 62443-2-4”
module.

Enterprise Version
This version is for organizations with multiple numbers of learners (5 or more). It Includes
everything in the Professional version, except the access period which is for 1 year. It can also be
purchased as a SCORM/xAPI version (optional addon price) for use in your own Enterprise LMS.

Benefits Standard Professional Enterprise

All Modules except

Advanced Module-2

Understanding IEC
62443-2-4 module

Other modules in
Advanced Module –2
(coming soon)

Red Team/Blue Team

Tabletop Exercise
(Coming Soon)

CICP Exam &

Certification

Access Devices PC, Mac, Tablet or PC, Mac, Tablet or PC, Mac, Tablet or
Smartphone via any Smartphone via any Smartphone via any brows-
browser that supports browser that supports er that supports HTML5
HTML5 HTML5

Access Period One Year Three Years One Year

Ideal for Individuals Individuals Organizations

©2022. Abhisam Software. All rights reserved [email protected]

abhisam

How to order

Industrial Cybersecurity Certification Course

This course & certification can be ordered in a variety of ways, by online payment via credit or
debit card, via wire transfer payments, physical checks, Paypal or several other options.
Our online orders are processed via FastSpring, who are our authorized resellers and act as the
merchant of record.
Local taxes are extra and will be applicable depending on the ordering location.
Contact us for more information
[email protected]

US INDIA
Abhisam Software Abhisam Software Pvt Ltd
8345 NW 66th St #9035 Pokhran Road #2
Miami FL 33166-2626 Thane
USA India
Phone: +1 (305) 407 2679 Phone: +91 7208060349
Email: [email protected]

www.abhisam.com

©2022. Abhisam Software. All rights reserved [email protected]