Become a Certified Industrial Cybersecurity Professional (CICP)

This is the best ICS Security course that you can find anywhere

    • Self paced, modular online e-learning course that you can start now
    • Free exam and certification when you take the course and pass. Earn the CICP title that you can display against your name.
    • Easy to understand with graphics, animations and exercises- it is not just a video of some guy talking.
    • Covers IEC 62443 standards
    • Cost Effective

Learn all about ICS Cyber Security and become a Certified Industrial Cybersecurity Professional

Take  this this  Abhisam online course now and learn all about ensuring Industrial Control System security, SCADA security and Safety Instrumented System security.

After completing the course and passing the exam and assignment, you can become a Certified Industrial Cybersecurity Professional (CICP).

Industrial Control Systems, referred to as ICS for short, include control systems such as DCS, PLC, SCADA based systems as well as Safety Instrumented Systems (SIS). They are the crucial systems that control industrial plants & machinery and keep them safe.

Where are Industrial Control Systems (ICS) used?

Not only manufacturing plants,  but also critical infrastructure  (such as the Electrical Grid, pipelines, power generation , water distribution and  other utilities) as well as control and automation systems used in the Marine industry (such as on ships and inside ports), railways, nuclear power, thermal power, renewable power generation and many more places make extensive use of automation and safety systems which are collectively known as Industrial Automation Control Systems (IACS). They are also referred to as OT (Operational Technology). Protecting these systems from cyber attacks is known as OT security.

This is distinct from IT security, which is the technology used to protect Information Technology systems such as Banking, Stock Market systems, currency trading systems or corporate ERP systems.

ICS network and control systems also include Building automation systems,  Transportation related control systems (for example Railway signaling systems, ship control systems and so on) as well as Defense related installations.

Why is OT Security important?

Today the biggest threats facing  a control system is from the cyber domain. Typically many manufacturing plants and critical infrastructure that exists today was built many years ago. At that time a typical control system was not built for resilience against malicious attacks and even today many of these ICS environments, use older operating systems for their Human Machine interface (Operator and Engineering stations). Many times the Industrial Control System in an older plant, may run on a very old operating system, which may be difficult to upgrade and patch.

When malicious entities target and attack your control system then you may not only

      • Lose your Intellectual Property (stealing batch recipes, setpoints, process data, production figures, yield ratios) that are stored in the ICS environments.

      • Put your Assets at risk (the breached Industrial Control systems may execute unwanted actions that can cause fires, explosions and environmental damage)

      • Damage your organization’s reputation and market capitalization
      • Run afoul of the law

You may need to prepare an incident response protocol that will take these above into account.

Key Benefits of the Course

Earn Certificates and Badges

Industrial Cybersecurity Professional badge



“I am working in one of the world’s leading EPC company , engaged in the Cement and Mining industry. We purchased the ICS CYBER SECURITY TRAINING & CERTIFICATION e-learning courses. I found this course to be very informative and easy to understand. I and my colleagues completed the course successfully and got the certificates and badges. I personally recommend this course whoever interested to learn about Industrial Control System Cybersecurity.

I wish success for Abhisam team for their great work.”

D. Anbudurai , FLSmidth

Free Industrial Cybersecurity Report

Download the Abhisam Industrial Cybersecurity report now. No sign up required. Industrial Cybersecurity Report

Who should take this course?

This course can be taken by anybody wishing to learn about OT Security. You need to know the basics of computer system networks.  The following roles will find this especially useful:

    1. Instrument, Control Systems or Automation Engineers with experience in industry.
    2.  IT security professionals who wish to expand their domain into OT security.
    3. IT professionals who wish to know about OT security.

Choose from any of the versions.

Scroll below to see complete contents.


For one learner
$ 595
  • Course Duration: 60 hours of self paced learning (Earn 60 PDH)
  • Access the course online 24/7 via any device for one year
  • Exam & Certification as CICP for one learner
  • Course Completion Certificate for one learner


For one learner
$ 795
  • Everything in Standard plus
  • Includes additional Advanced modules such as IEC 62443-2-4 compliance & Supply chain security
  • Access the course for 3 years.

Get Trial Access to all Abhisam courses, including this Industrial Cybersecurity course for $7. You will NOT be billed automatically after trial ends.

Table of Contents

Overview of Industrial Automation & Control Systems (DCS/PLC/SCADA/SIS)

  • Introduction to Industrial Control Systems

  • Industrial Control Systems Application Areas

  • Cyber physical systems

  • Evolution of Industrial Control Systems

  • Pneumatic Controllers

  • Single Loop Controller architecture

  • Control Rooms

  • Control Room & Field

  • Analog Electronic Signals

  • Traditional Controls

  • Point to Point Architecture

  • DDC to DCS

  • DCS

  • DCS as a group of controllers

  • DCS Connection to field devices

  • Fieldbus


  • Programmable Logic Controllers




  • Safety Instrumented Systems

  • SIS Cybersecurity

  • Typical Industrial Control System Architecture

  • Automation Hierarchy

  • Conclusion

Basic Concepts of Cybersecurity

  • Cybersecurity Basics

  • Cybersecurity Policy

  • Authorized Access

  • Unauthorized Access

  • Brute Force Attacks

  • Secure Communication

  • Authentication

  • Non Repudiation

  • Encryption

  • Public and Private Keys

  • Locking and Unlocking

  • Public Key Cryptography

  • Digital Signature

  • Defense in Depth

  • Privileges

  • Role of Malware

  • Understanding malware delivery

  • Attack Surface

  • Threats & Vulnerabilities

  • Viruses

  • Worms

  • Trojans

  • Types of Trojans

  • Ransomware

  • Scareware


  • Command & Control

  • Firewalls

  • Firewall Basic Working

  • Classes of Firewalls

  • Deep Packet Inspection Firewalls

  • Intrusion Detection Systems

  • Denial of Service

  • Distributed Denial of Service

  • Telephonic Denial of Service

  • Penetration Testing

  • Backdoors

  • Backdoor Example

  • Demilitarized Zone

  • Privilege Escalation

  • Network Hardening

Threats to IACS

  • Introduction

  • Threats to IACS

  • IACS Threat Severity

  • Vulnerability Causes

  • Increased Connectivity

  • Insecure by design

  • Use of COTS

  • Shodan

  • Skill Levels needed

  • Lack of awareness

  • Predisposing Conditions

  • Four Steps to an Attack

  • Vectors

  • Phishing

  • Spear Phishing

  • Social Engineering

  • Fake Profiles

  • Insecure Connections & Firewalls

  • Malicious Websites

  • Waterholing

  • Fake Updates and Pirated Software

  • USB Drives

  • Devices and Software with Vulnerabilities

  • Buffer Overflow

  • SQL Injection

  • APT

  • Port Scanning

  • Cross Site Scripting

  • Packet Sniffing

  • Zero Day Exploits

  • Exploit Markets

  • IACS Attack Categories

  • ICS Targeted attacks

  • Attack Sequence of Events

  • Man in the middle attack

  • MITM in ICS

  • Denial of Service

  • Replay attack

  • Spoofing

  • Blended Attacks

  • More Information

IACS  Security Standards

  • Introduction

  • ISA99- Purdue Model

  • IEC 62443 Standard

  • ANSI/ISA/IEC62443 Organization-1

  • Zones, Conduits and Security Levels

  • Chlorine Loading Example

  • Security Level Types

  • Security Levels

  • Cybersecurity Management System & Incident Response

  • ISA Secure Scheme

  • ISO 31000

  • ISO 27000

  • IEC 61508

  • IEC 61508 implementations

  • IEC 61511

  • IEC 61511- More clauses

  • SIS Implications

Risk Assessment & Risk Management

  • Introduction

  • ABC Industries Risk Assessment

  • Risk Assessment & Mitigation

  • Non Safety Consequences

  • Risk Assessment Process

  • Security Vulnerability Analysis

  • IACS Evaluation

  • Initial Risk Assessment

  • Threat Assessment

  • IACS Vulnerabiility

  • Consequence Analysis

  • Example Calculation

  • Tolerable Risk

  • Modification-Small Site

  • Modification-Medium Site

  • Modification-Large Site

  • Modification-Remote Site

  • Seven Steps

  • Second Risk Assessment

  • Periodic Assessment

  • Cyberattack Mitigation

Case Study

Learn in detail about Stuxnet, the most infamous Industrial Cyberattack till date. This is a must know module for security professionals.

Implementing IACS Security

This module will have several parts that form the Abhisam  IACS Security Lifecycle as below:

1.People, Policies, Procedures & Standards.

  • Roles & Responsibilities
  • Use Least Privilege
  • Privilege Escalation
  • Standards
  • Recommended Practices
  • Technical Reports
  • Which Standards to use
  • IEC 62443, NIST 800-82 and NERC CIP

2. Hazard and Risk Assessment

  • Example
  • Overfill Prevention System
  • OPS Vulnerability
  • Risk Assessment Techniques
  • Consequences
  • Risk Matrix based techniques
  • Types of Risk Matrices
  • Security Vulnerability Analysis

3. Asset Inventory Management

  • What are IACS Assets
  • Other IACS related systems
  • Software tools
  • Asset Monitoring
  • Sample format

4. Training & Competency Management

  • Introduction
  • Training IACS related personnel
  • Types of training
  • Competency Management

5. Secure Architecture, Devices, Configuration and Software coding practices

  • Introduction
  • Secure Architecture
  • Firewalls and Unidirectional Gateways-1
  • Firewalls & UGWs-2
  • How unidirectional gateways work
  • Internet facing devices
  • Portable IACS Devices
  • Vendor brought portable IACS devices
  • Secure configuration
  • Secure software
  • Top 20 coding practices for PLCs

6. Intrusion Detection & Prevention

  • Intrusions
  • Intrusion Detection Methods
  • Intrusion Detection System (IDS)
  • Anomaly detection
  • Hybrid detection technique
  • Example IDS working
  • Other signs of intrusion
  • Perimeter security

7. Event Logging & Analysis

  • What is event logging in IACS
  • Importance of ICS event logs
  • Trigger events
  • Clocks and Time stamping systems
  • Time synchronization and Network Time Protocol (NTP)
  • Time servers
  • IACS Event logging coverage
  •  Log access Permissions
  • Data Historians

8. Incident Response

  • Incident Response capability
  • Incident Response Planning
  • Incident Response organization
  • Integration with site Emergency Plan
  • Incident Response Team composition
  • Incident Response Team Roles and Responsibilities
  • Incident Response Policy
  • Incident Response Procedures
  • Incident Recognition
  • Containment
  • Remediation
  • Recovery

9. Backup & Restore

  • Why separate IACS Backup and Recovery
  • IACS Backup and Recovery Plan
  • Disaster Management
  • Automated backups
  • Backup Testing
  • Backup before patching
  • Backup after patching
  • Backup services from IACS vendors
  • Backup locations
  • Vulnerabilities in automatic backup systems
  • Case Study- Automatic Backup System vulnerability

10. Patch Management & Testing

  • History of IACS patching
  • Current state of IACS patching
  • Patching Vulnerabilities
  • Patch creation
  • Why patch management?
  • IEC 62443-2-3 patch management
  • Setting up an organization
  • Which devices to patch
  • Tracking new patches
  • Support lifecycle
  • Patch applicability
  • Patch authenticity verification
  • Patch deployment
  • Rollbacks
  • IACS Vendor supported automated patch management
  • Testing the patch deployment
  • When patches cannot be applied
  • Compensating Controls

Advanced Industrial Cybersecurity Modules-1

These are essential to know for security professionals and are in Standard as well as Professional versions

  • Understanding the Cyber Kill Chain for ICS security

  • Understanding the MITRE ATT&CK Matrix

  • ICS Honeypots

  • Other ICS device search engines like Shodan

  • Self Assessment for Advanced Module

Advanced Industrial Cybersecurity Modules-2

These are available only in the Professional version

  • IEC 62443-2-4 compliance- A How To module for Automation vendors, system integrators & asset owners
  • Supply Chain Cybersecurity (Coming Soon)
  • CHAZOP as a Risk Assessment tool for ICS Security (Coming Soon)

Be part of the Abhisam Cybersecurity Thriller!

Be part of the Red Team or Blue Team in this exercise that involves a manufacturing process and a control system.

(Coming Soon )

Before you take the Certification Exam you can take this mock test for practice.

Still Have Questions? No Problem, Here's A List Of Our Most Frequently Asked Questions (FAQ).

What is this? Is it just a power point presentation?

No, it is NOT a power point presentation at all! It is a full fledged, comprehensive e-learning course that we call as an XPRTU. It has text, graphics, animations, videos, exercises that form a complete learning course.


How do I get  Certified as a CICP?

Simply take the Abhisam online exam within the validity of the license period and complete the assignment. On passing the exam and on acceptance of the assignment, you get an Electronic Certificate (pdf) as well as a Badge  that you can display online on places such as LinkedIn or Facebook.

Do I have to take the exam and assignment?

Only if you wish to qualify as a CICP. If you do not wish, you can always opt to receive a Certificate of Course completion.


What does the $7 trial include?

The $7 trial includes trial access to ALL the courses in the Abhisam Catalog for a limited time.

After the trial is over you can choose to either buy an individual course OR subscribe to the GOLD or PLATINUM membership plans.

Your card will not be billed automatically.


Which versions are available?

This course is available as either  Standard version,   Professional version, or as part of the Abhisam GOLD membership level.

The Standard version allows you to access the course online from any device (PC/tablet/smartphone) that has an internet connection and a browser that supports HTML 5 (such as Mozilla Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera, etc). You can access the course for a period of one year, within which you need to take the exam and complete the assignment to earn a Certificate (electronic) and the designation of CICP. You will also earn an electronic badge that can be displayed online on LinkedIn and similar portals.

The Professional version allows you to  access the course for a period of 3 years. Additionally, you also get access to some more advanced modules.

The content in the Standard and Professional versions is the same, except that the Professional version has some additional advanced modules.


What is the Enterprise version?

This is meant for organizations with 10 or more learners. Contact Us for pricing.

What is the Abhisam GOLD membership?

When you subscribe to the Abhisam GOLD membership, you get access to all the courses in the Abhisam Catalog, by paying just one low monthly subscription. You can also get a free certification exam every month. If you are interested in taking a bunch of courses, then the GOLD membership gives you an affordable plan to do this. This is available to individuals only.

What is the Abhisam Platinum membership?

This is meant for organizations with multiple learners. When you subscribe to the Abhisam Platinum membership, your learners get access to all the courses in the Abhisam Catalog, by paying just one low Enterprise yearly subscription. You can also get a free certification exam every month.  Additionally you also get a Dashboard where your Training Manager can see the progress of the learners, such as learner module completion, login times, test scores, etc.

What is the ordering process?

When you click on the Buy Now button, you will be taken to the Fast Spring  secured payment site. Ordering is completely secure. You can pay online by either Credit Card or wire transfer/manual order. Note that you will get the license key to activate only after payment is approved.

Still Have Questions?

No Problem. Contact Us by filling the form below and we will get back to you.

Free Industrial Cybersecurity White Papers

Top 5 Myths about Industrial Cybersecurity busted!

What is ICS Security?

Over the past few years there has been a growing interest in the subject of ICS Security. ICS stands for Industrial Control Systems. These systems are of various types such as DCS (Distributed Control Systems), SCADA (Supervisory Control and Data Acquisition Systems), PLCs (Programmable Logic Controllers) and SIS (Safety Instrumented Systems). Sometimes ICS security is also referred to as SCADA Security or Industrial Control System security. 


Contact Us by filling the form below OR call us OR email