Publicaciones Publications
ICMS Guide for those responsible for building an Industrial Cybersecurity Management System
978-84-947727-5-7
This guide makes it possible to cover the scarcity of normative references that deal, in a particular way, with the management of cybersecurity in industrial automation and control systems. In it, new specific and differentiated guidelines have been developed for an effective, efficient and continuous treatment of the risks to the availability, integrity and confidentiality of the operations and information managed by such systems.
In addition, if you want to learn and put into practice the implementation of an Industrial Cybersecurity Management System, we encourage you to sign up for the practical workshop that CCI organizes: T04. Workshop on the Application of an Industrial Cybersecurity Management System. It is based on this document (which will be delivered at no additional cost as workshop documentation), during which the following topics will be addressed:
- Scope of application of the ICMS
- Overview of the guide and its controls
- Domain 1: Definition of a strategy.
- Domain 2: Industrial Cybersecurity Risk Management
- Domain 3: Promotion of a culture of Industrial Cybersecurity
- Domain 4: Establishment of cyber protection regulations
- Domain 5: Guarantee of Resilience and continuity
For further information, please visit: https://www.cci-es.org/AplicationICMS
If you prefer a more complete training in which to put this document into practice together with other publications of relevant interest, we encourage you to enroll in the practical course that CCI organizes: C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control Systems).
Further information about this Course at: https://www.cci-es.org/CourseIACS
Title
09/06/2026
This document analyzes the Industrial Cybersecurity Maturity Model and its digital platform MACIN, developed by the Industrial Cybersecurity Center (CCI) in its 2026 edition. The model is specifically designed for OT environments and aligned with C2M2 v2.1, structuring itself into 10 domains, 45 objectives, and 175 practices evaluated through five maturity levels and four dimensions: processes, technology, people, and results.
27/05/2026
This document contains the SCR2 cyber resilience framework from the Center for Industrial Cybersecurity, designed to govern distributed third-party risk across the industrial supply chain. Through three structured pillars, the model proposes technical, operational, and verifiable capabilities for the supply chain aimed at transforming provider relationships into a strategic alliance for joint resilience. Its core […]
05/05/2026
This document analyzes the success story of Project Hammurabi at Grupo Central Lechera Asturiana, using the NIS2 Directive as a driver to transform its industrial cybersecurity into a model of strategic maturity and governance. Through a structure that emulates the historical legal code, the author José Luis Vega Pardo details the transition from a system of scattered controls to a robust Master Plan that integrates IT and OT environments. […]
22/04/2026
This document analyzes the role of digital twins as a strategic tool to strengthen cybersecurity in industrial environments. Through a technical analysis and a manufacturing use case, the text examines their benefits, implementation challenges, and capabilities for threat simulation. It provides key recommendations for integrating these virtual replicas as essential assets for the operational resilience […]