Certification: GICSP

Certification:

Global Industrial Cyber Security Professional (GICSP)

false

Description

The GICSP is the newest certification in the GIAC family and focuses on the foundational knowledge of securing critical infrastructure assets. The GICSP bridges together IT, engineering and cyber security to achieve security for industrial control systems from design through retirement.

This unique vendor-neutral, practitioner focused industrial control system certification is a collaborative effort between GIAC and representatives from a global industry consortium involving organizations that design, deploy, operate and/or maintain industrial automation and control system infrastructure. GICSP will assess a base level of knowledge and understanding across a diverse set of professionals who engineer or support control systems and share responsibility for the security of these environments.

Target

This certification will be leveraged across industries to ensure a minimum set of knowledge and capabilities that IT, Engineer, and Security professionals should know if they are in a role that could impact the cyber security of an ICS environment.

Course

Preparing for the GICSP Exam: Candidates may choose to prepare for the GICSP exam by taking the SANS Training Course: ICS410: ICS/SCADA Security Essentials

*No Specific training is required for any GIAC certification. If candidates need help in mastering the objectives for this certification, there are many sources of information available. Practical experience is one option; there are also numerous books on the market covering Computer Information Security. Another option is SANS training, or any relevant courses from other training providers.*

Requirements

  • 1 proctored exam
  • 115 questions
  • Time limit of 3 hours
  • Minimum Passing Score of 69%

Renew

Certifications must be renewed every 4 years. Click here for details.

Delivery

NOTE: GIAC exams are NOT given the day after the conference ends.

GIAC certification attempts purchased without SANS training will be activated in your SANS/GIAC account within 24 business hours of purchase. GIAC certification attempts purchased with SANS training will be activated in your SANS/GIAC account 7 days after the end of the conference. In both cases, you will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam. GIAC exams are delivered online through a standard web browser.

Links


Bulletin (Part 2 of Candidate Handbook)

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Access Management - access control models
Knowledge of access control models (e.g., MAC, DAC, role-based)
Access Management - directory services
Knowledge of directory services (e.g., active directory, LDAP)
Access Management - user access management
Knowledge of user access management (e.g., user accounts, service accounts, temporary accounts, default accounts, guest accounts, account expiration, access control list, access reconciliation)
Configuration/Change Management - change management, baselines, equipment connections, and auditing
Knowledge of change management, baselines, equipment connections, and configuration auditing
Configuration/Change Management - distribution and installation of patches
Knowledge of distribution and installation of patches
Configuration/Change Management - software reloads and firmware management
Knowledge of software reloads and firmware management
Cybersecurity Essentials for ICS - attacks and incidents
Knowledge of attacks and incidents (e.g., man in the middle, spoofing, social engineering, denial of service, denial of view, data manipulating, session hijacking, foreign software, unauthorized access)
Cybersecurity Essentials for ICS - availability
Knowledge of availability (e.g., health and safety, environmental, productivity)
Cybersecurity Essentials for ICS - cryptographics
Knowledge of cryptographics (e.g., encryption, digital signatures, certificate management, PKI, public versus private key, hashing, key management, resource constraints)
Cybersecurity Essentials for ICS - security awareness programs
Knowledge of security awareness programs (employees/management)
Cybersecurity Essentials for ICS - security tenets
Knowledge of security tenets (e.g., CIA, non-repudiation, least privilege, separation of duties)
Cybersecurity Essentials for ICS - threats
Knowledge of threats (e.g., nation states, general criminals, inside and outside malicious attackers, hacktivists, inside non-malicious)
Disaster Recovery and Business Continuity - site redundancy
Knowledge of site redundancy (e.g., hotsite, off-site backup)
Disaster Recovery and Business Continuity - system backup
Knowledge of system backup (e.g., security, data sanitization, disposal, redeploying, testing backups, operational procedures)
Disaster Recovery and Business Continuity - system restoration
Knowledge of system restoration (e.g., full, partial, procedures, spares)
ICS Architecture - communication medium
Knowledge of communication medium (e.g., VSAT, RF, cell, microwave)
ICS Architecture - defense in depth
Knowledge of defense in depth (e.g., layered defense, IDS sensor placement, security system architecture, virtualization)
ICS Architecture - external network communications
Knowledge of external network communications (e.g., access points into SCADA/ICS systems, VPNs, vendor/third party access points, mobile devices)
ICS Architecture - field device architecture
Knowledge of field device architecture (e.g., relays, PLC, switch, process unit)
ICS Architecture - industrial protocols
Knowledge of industrial protocols (e.g., modbus, modbus TCP, DNP3, Ethernet/IP, OPC)
ICS Architecture - network protocols
Knowledge of network protocols (e.g., DNS, DHCP, TCP/IP)
ICS Architecture - network segmentation
network segmentation (e.g., partitioning, segregation, zones and conduits, reference architectures, network devices and services, data diodes, DMZs)
ICS Architecture - wireless security
wireless security (e.g., WIFI, wireless sensors, wireless gateways, controllers)
ICS Modules and Elements Hardening - anti-malware implementation, updating, monitoring, and sanitiza
Knowledge of anti-malware implementation, updating, monitoring, and sanitization
ICS Modules and Elements Hardening - application security
Knowledge of application security (e.g., database security)
ICS Modules and Elements Hardening - embedded devices
Knowledge of embedded device (e.g., PLCs, controllers, RTU, analyzers, meters, aggregators, security issues, default configurations)
ICS Modules and Elements Hardening - end point protection including user workstations and mobile dev
Knowledge of end point protection including user workstations and mobile devices (e.g., anti-virus, white listing)
ICS Modules and Elements Hardening - network security/hardening
Knowledge of network security/hardening (e.g., switchport security)
ICS Modules and Elements Hardening - OS security
Knowledge of OS security (unix/linux, windows, least privilege security, virtualization)
ICS Modules and Elements Hardening - removable media
Knowledge of removable media (e.g., USB device security, optical media, external drives)
ICS Security Assessments - device testing
Knowledge of device testing (e.g., communication robustness, fuzzing)
ICS Security Assessments - penetration testing and exploitation
Knowledge of penetration testing and exploitation
ICS Security Assessments - security assessments
Knowledge of security assessment (e.g., risk, criticality, vulnerability, attack surface analysis, supply chain)
ICS Security Assessments - security tools
security testing tools (e.g., packet sniffer, port scanner, vulnerability scanner)
ICS Security Governance and Risk Management - global security standards, practices, and regulations
Knowledge of global security standards, practices, and regulations (i.e., IEC/ISA 62443, NIST 800-82, ISO 2700xx)
ICS Security Governance and Risk Management - risk management
Knowledge of risk management (e.g., PHA/hazop usage, risk acceptance, risk/mitigation plan)
ICS Security Governance and Risk Management - security lifecycle management
Knowledge of security life cycle management (e.g., acquisition and divestiture, procurement, commissioning [e.g., secure deployments], maintain, decommission)
ICS Security Governance and Risk Management - security policies and procedures development
Knowledge of security policies and procedures development (e.g., exceptions, exemptions, requirements, standards)
ICS Security Monitoring - archiving
Knowledge of archiving
ICS Security Monitoring - event monitoring and logging
Knowledge of event monitoring and logging
ICS Security Monitoring - network monitoring and logging
Knowledge of network monitoring and logging
ICS Security Monitoring - security monitoring and logging
Knowledge of security monitoring and logging
Incident Management - incident recognition and triage
incident recognition and triage (e.g., log analysis/event correlation, anomalous behavior, intrusion detection, egress monitoring, IPS)
Incident Management - incident remediation/recovery
Knowledge of incident remediation/recovery
Incident Management - incident response
Knowledge of incident response (e.g., recording/reporting, forensic log analysis, containment, incident response team, root cause analysis, eradication/quarantine)
Industrial Control Systems - basic process control systems
Knowledge of basic process control systems (e.g., RTU, PLC, DCS, SCADA, metering/telemetry, ethernet I/O, buses, Purdue (ISA 95))
Industrial Control Systems - critical infrastructure sector
Knowledge of critical infrastructure sector (e.g., chemical, waste water, water, electricity, oil and gas, manufacturing, transportation)
Industrial Control Systems - safety and protection systems
Knowledge of safety and protection systems (e.g., SIS, EMS, leak detection, FGS, BMS, vibration monitoring)
Physical Security
Knowledge of physical security

Where to Get Help

Training is available from a variety of resources including on line, course attendance at a live conference, and self study.

Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.

Finally, college level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.