This course is in active development. Preview the scope below.
GICSP
The GICSP course teaches IT and OT professionals the architecture, protocols, security controls, risk assessment, and incident response for industrial control systems, enabling them to protect critical infrastructure.
Who Should Take This
It is intended for engineers, security analysts, and managers who work with SCADA, PLC, or other OT environments and have at least two years of experience in IT or OT security. These learners aim to validate their ability to design, assess, and respond to cyber threats in industrial settings.
What's Covered
- Domain 1: ICS/SCADA Architecture and Components
- Domain 2: Industrial Network Protocols
- Domain 3: ICS Network Security
- Domain 4: ICS Risk Assessment
- Domain 5: ICS Incident Response
- Domain 6: Physical Security for ICS
Course Outline
63 learning goals
Domain 1: ICS/SCADA Architecture and Components
3 topics
Control System Components
- Describe the function and architecture of Programmable Logic Controllers including CPU modules, I/O modules, communication modules, and their role in process automation.
- Identify the components and functions of Remote Terminal Units including data acquisition, protocol conversion, and local control capabilities in geographically distributed SCADA systems.
- Describe Human-Machine Interface design principles including screen layout, alarm management, trending displays, and the security implications of HMI network exposure.
- Identify the architecture differences between Distributed Control Systems and SCADA systems including centralized versus distributed processing and their security implications.
- Describe the role of historians, engineering workstations, and data servers in ICS environments including data flow patterns and security considerations for each component.
ICS Architecture Models
- Describe the Purdue Enterprise Reference Architecture levels from Level 0 physical process through Level 5 enterprise network including the function of each zone.
- Identify ICS communication patterns between Purdue levels including process data flow from field devices through control systems to enterprise business systems.
- Compare traditional Purdue model implementations with converged IT/OT architectures evaluating the security tradeoffs of collapsed network boundaries.
ICS Lifecycle and Safety
- Describe Safety Instrumented Systems including safety integrity levels, independent protection layers, and the criticality of maintaining SIS isolation from process control networks.
- Identify the unique challenges of patching and updating ICS components including extended maintenance windows, vendor approval requirements, and safety system revalidation.
- Evaluate the security implications of legacy ICS components that cannot be patched or upgraded including compensating controls and risk acceptance criteria.
Domain 2: Industrial Network Protocols
3 topics
Serial and Legacy Protocols
- Describe Modbus RTU and Modbus TCP protocol structure including function codes, register addressing, and the absence of authentication and encryption in native Modbus.
- Describe DNP3 protocol architecture including data link, transport, and application layers along with DNP3 Secure Authentication extensions for integrity protection.
- Identify common attack vectors against legacy industrial protocols including unauthorized command injection, replay attacks, and man-in-the-middle interception.
Modern Industrial Protocols
- Describe OPC UA architecture including client-server and publish-subscribe communication models along with built-in security features for authentication, encryption, and auditing.
- Describe EtherNet/IP and CIP protocol architecture including implicit and explicit messaging, connection management, and security considerations for converged Ethernet networks.
- Configure OPC UA security policies including certificate management, user authentication, and encryption settings to secure industrial data exchange.
- Compare security capabilities across Modbus, DNP3, OPC Classic, OPC UA, and EtherNet/IP to determine appropriate protocol choices for different ICS security requirements.
Protocol-Level Security Controls
- Implement deep packet inspection rules for industrial protocols to detect unauthorized Modbus function codes and DNP3 operations at the network perimeter.
- Configure protocol-aware industrial firewalls to filter and validate ICS traffic based on function codes, register ranges, and device communication baselines.
- Analyze industrial protocol traffic captures to identify anomalous command sequences, unauthorized device communications, and potential cyber-physical attack patterns.
Domain 3: ICS Network Security
5 topics
Zones and Conduits
- Describe IEC 62443 zone and conduit concepts including security zone classification, conduit requirements, and security level target assignment for industrial networks.
- Implement network segmentation between ICS zones using industrial firewalls, VLANs, and access control lists aligned to the Purdue model and IEC 62443 requirements.
- Configure the industrial DMZ to enable secure data exchange between IT and OT networks using jump servers, data diodes, and historian mirroring without direct connectivity.
- Evaluate network segmentation effectiveness by testing conduit access controls, verifying zone isolation, and assessing lateral movement risk between ICS network zones.
Remote Access Security
- Describe secure remote access architectures for ICS environments including VPN gateways, jump servers, session recording, and multi-factor authentication requirements.
- Implement role-based remote access controls for vendor maintenance sessions including time-limited access, supervised sessions, and audit trail requirements.
- Assess remote access risks for ICS environments by evaluating vendor dependency, credential management practices, and the attack surface introduced by remote connectivity.
Wireless and Field Network Security
- Identify wireless technologies used in ICS environments including WirelessHART, ISA100.11a, and industrial Wi-Fi along with their security mechanisms and vulnerabilities.
- Implement wireless intrusion detection and rogue access point monitoring in operational technology environments with minimal impact on process control operations.
ICS Network Monitoring and Detection
- Describe ICS-specific network intrusion detection approaches including signature-based detection for industrial protocols and anomaly detection based on process behavior modeling.
- Implement passive network monitoring sensors at strategic points in the ICS network to capture industrial protocol traffic without impacting process control performance.
- Configure SPAN ports, network TAPs, and packet brokers for ICS traffic collection ensuring complete visibility while maintaining network reliability requirements.
- Analyze ICS network traffic baselines to establish normal communication patterns and detect anomalies indicating unauthorized access, malware propagation, or process manipulation.
ICS Access Management
- Describe authentication challenges in ICS environments including shared credentials, lack of centralized identity management, and protocol-level authentication limitations.
- Implement role-based access control for ICS components including HMI operator access, engineer access, and administrator privileges with audit logging.
- Configure centralized authentication for ICS environments using Active Directory integration while maintaining fallback local accounts for safety-critical operations.
Domain 4: ICS Risk Assessment
4 topics
Risk Frameworks for ICS
- Describe NIST SP 800-82 recommendations for industrial control system security including risk assessment methodology, security architecture guidance, and countermeasure selection.
- Describe IEC 62443 security levels and foundational requirements including identification, authentication, use control, data integrity, and restricted data flow for industrial systems.
- Apply NIST Cybersecurity Framework functions to ICS environments mapping identify, protect, detect, respond, and recover activities to operational technology-specific controls.
- Compare NIST SP 800-82, IEC 62443, and NERC CIP regulatory frameworks evaluating applicability, prescriptiveness, and implementation guidance for different industrial sectors.
Asset and Vulnerability Assessment
- Implement passive ICS asset discovery techniques using network traffic analysis to build asset inventories without disrupting operational technology processes.
- Describe ICS-specific vulnerability databases and advisories including ICS-CERT advisories, CVE entries for industrial products, and vendor security notification processes.
- Evaluate the risks of active vulnerability scanning in ICS environments including protocol sensitivity, device crashes, and process disruption mitigation strategies.
ICS Threat Landscape
- Identify major ICS threat actors including nation-state groups, cybercriminal organizations, and insiders along with their motivations and typical attack methodologies.
- Describe notable ICS cyber incidents including Stuxnet, TRITON/TRISIS, Industroyer, and their attack techniques, targets, and lessons learned for industrial defense.
- Analyze ICS kill chain models including the ICS Cyber Kill Chain stages to map adversary techniques to detection and defense opportunities at each phase.
ICS Security Governance
- Describe ICS security policy requirements including acceptable use policies, change management procedures, and security awareness training specific to operational technology personnel.
- Implement change management procedures for ICS environments including risk assessment for firmware updates, configuration changes, and network modifications to production control systems.
- Evaluate ICS security program maturity using capability maturity models to identify gaps in governance, technical controls, and operational procedures.
Domain 5: ICS Incident Response
2 topics
ICS IR Planning
- Describe the unique requirements of ICS incident response including safety prioritization, process continuity considerations, and coordination between IT and OT response teams.
- Implement ICS-specific incident response procedures addressing evidence collection from industrial devices, forensic imaging of PLCs and HMIs, and chain of custody for OT artifacts.
- Configure ICS network monitoring tools to capture baseline traffic patterns and detect deviations that may indicate compromise of operational technology systems.
- Evaluate ICS incident response plan readiness by assessing team training, tabletop exercise outcomes, and integration between IT and OT response procedures.
Recovery and Restoration
- Describe ICS backup and recovery strategies including PLC program backups, HMI configuration snapshots, and validated restoration procedures for safety-critical control systems.
- Implement secure backup procedures for ICS configurations including offline storage, integrity verification, and version control for PLC programs and HMI projects.
- Assess recovery time objectives and recovery point objectives for ICS environments considering process safety, regulatory obligations, and business impact analysis.
Domain 6: Physical Security for ICS
2 topics
Physical Access Controls
- Describe physical security controls for ICS facilities including access control systems, surveillance, environmental monitoring, and perimeter protection for control rooms and substations.
- Implement physical access control procedures for ICS cabinets, wiring closets, and communication rooms including key management, visitor escort policies, and access logging.
- Configure physical port security on industrial network switches to prevent unauthorized device connections and detect rogue devices in control system networks.
Convergence of Physical and Cyber Security
- Describe the convergence of physical and cyber threats in ICS environments where physical access enables cyber attacks and cyber compromise can cause physical consequences.
- Implement integrated monitoring that correlates physical access events with network activity to detect insider threats and unauthorized physical-to-cyber attack chains.
- Evaluate the effectiveness of defense-in-depth strategies combining physical access controls, network segmentation, and monitoring to protect critical ICS assets.
Scope
Included Topics
- All domains in the GIAC Global Industrial Cyber Security Professional (GICSP) certification aligned to SANS ICS410: ICS/SCADA architecture, industrial network protocols, ICS network security, ICS risk assessment, ICS incident response, and physical security for industrial control systems.
- ICS/SCADA system components including Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), Distributed Control Systems (DCS), historians, and engineering workstations.
- Industrial network protocols including Modbus TCP/RTU, DNP3, OPC UA, OPC Classic, EtherNet/IP, PROFINET, BACnet, and IEC 61850 with their security characteristics and vulnerabilities.
- ICS network architecture including Purdue model zones and conduits, industrial DMZ design, firewall placement, data diodes, and remote access security for operational technology environments.
- ICS risk assessment methodologies aligned to NIST SP 800-82, IEC 62443, and NERC CIP with asset classification, threat modeling, and vulnerability analysis for industrial environments.
- ICS incident response procedures including evidence preservation in OT environments, coordinated disclosure, and recovery planning for safety-critical industrial systems.
Not Covered
- Enterprise IT security topics with no direct relevance to industrial control system environments.
- Vendor-specific PLC programming languages and ladder logic development beyond security implications.
- Chemical process engineering, electrical engineering, and mechanical engineering fundamentals not directly related to cybersecurity.
- Cloud-native security architectures and DevSecOps practices outside ICS context.
- Offensive exploitation techniques and weaponized exploit development against ICS systems.
Official Exam Page
Learn more at GIAC Certifications