Publicaciones Publications
Industrial Cybersecurity Maturity Assessment Tool"
978-84-947727-4-0
Tool that allows any industrial organization to evaluate its cybersecurity capabilities. Developed based on C2M2 and valid for any type of infrastructure and degree of automation of the organization. The level of exposure is taken into account, in this way an organization with low exposure requires fewer objectives to cover than one with high exposure.
In addition, we encourage you to sign up for the practical workshop that CCI organizes: T01. Workshop Maturity Assessment of the Cybersecurity Process in Industrial Organizations, through which you will be able to acquire the necessary knowledge to determine the degree of maturity in cybersecurity in an industrial organization with respect to the requirements of the organization, identifying the main security gaps, as well how to establish comparisons between different organizations in terms of their maturity in Industrial Cybersecurity capabilities. It is based on this document (which will be delivered at no additional cost as workshop documentation), during which the following topics will be addressed:
- Maturity models
- Tool overview
- Strategy and organization areas
- Asset, risk and operation areas
- Configuration and access areas
- Continuity area
- Benckmarking. 27 relevant objectives
For further information about the workshop, please visit: https://www.cci-es.org/Maturity
If you prefer a more complete training in which to put this document into practice together with other publications of relevant interest, we encourage you to enroll in the practical course that CCI organizes: C02. Course of Cybersecurity Responsible in IACS (Industrial and Automation Control Systems).
More information about this Course at: https://www.cci-es.org/CourseIACS
Title
05/05/2026
This document analyzes the success story of Project Hammurabi at Grupo Central Lechera Asturiana, using the NIS2 Directive as a driver to transform its industrial cybersecurity into a model of strategic maturity and governance. Through a structure that emulates the historical legal code, the author José Luis Vega Pardo details the transition from a system of scattered controls to a robust Master Plan that integrates IT and OT environments. […]
22/04/2026
This document analyzes the role of digital twins as a strategic tool to strengthen cybersecurity in industrial environments. Through a technical analysis and a manufacturing use case, the text examines their benefits, implementation challenges, and capabilities for threat simulation. It provides key recommendations for integrating these virtual replicas as essential assets for the operational resilience […]
15/04/2026
This document analyzes OT cybersecurity risks in the railway sector, considered an essential infrastructure. Through expert assessment, it models two key attacks: traffic management intrusion and “trackside” system manipulation. The report details the phases of these incidents, from initial access to systemic impact on operations. Finally, it proposes strategic solutions under the IEC 62443 standard […]
24/11/2025
The new Industrial CRA Position Paper from the Industrial Cybersecurity Center highlights a critical need: adapting the European Cyber Resilience Regulation to the reality of OT environments. Critical infrastructures, legacy systems, decades-long life cycles, and the absolute priority of availability make it impossible to apply the CRA as currently designed. The document proposes a multisectoral […]