This diploma thesis deals with the design of a methodology for penetration testing of industrial control systems. This work aims to approach the issue of these systems, which has completely different priorities than information technology systems, and based on these parameters to then design a procedure and rules that should be followed by the subjects participating in the tests. The absence of a methodology for such a specific environment affecting cyberspace and physical space can have catastrophic consequences. The theoretical part deals with basic concepts and terminology important for information and cyber security, operational technologies, and penetration tests. The design then contains a description of the individual steps of the pe...