Certification: GIAC Security Leadership (GSLC)


Target

Security Professionals with managerial or supervisory responsibility for information security staff.

Course

Preparing for the GSLC Exam: Candidates may choose to prepare for the GSLC exam by taking the SANS training course MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression.

*No specific training is required for any GIAC certification. If candidates need help in mastering the objectives for this certification, there are many sources of information available. Practical experience is one option; there are also numerous books on the market covering computer information security. Another option is SANS training, or any relevant courses from other training providers.*

Requirements

  • 1 proctored exam
  • 150 questions
  • Time limit of 4 hours
  • Minimum Passing Score of 68%

Note:

GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GSLC exam has been determined to be 68% for all candidates receiving access to their certification attempts on or after August 2nd, 2012. To verify the format of your current certification attempt, please read the Certification Information found in your portal account at https://exams.giac.org/pages/attempts.

Renew

Certifications must be renewed every 4 years.

Delivery

NOTE: GIAC exams are NOT given the day after the conference ends.

GIAC certification attempts purchased without SANS training will be activated in your SANS/GIAC account within 24 business hours of purchase. GIAC certification attempts purchased with SANS training will be activated in your SANS/GIAC account 7 days after the end of the conference. In both cases, you will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE; GIAC provides separate instructions on how to schedule your proctored exam. GIAC exams are delivered online through a standard web browser.

Links

Bulletin (Part 2 of Candidate Handbook)

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:


802.11
The manager will demonstrate an understanding of the misconceptions and risks of 802.11 wireless networks and how to secure them.
Access Control and Password Management
The manager will demonstrate an understanding of the fundamental theory of access control and the role of passwords in controlling access to systems.
Building a Security Awareness Program
The manager will demonstrate an understanding of the critical elements of creating and managing a Security Awareness Program.
Business Situational Awareness
The manager will demonstrate familiarity with the concept of situational awareness and the fundamental sources of information that lead to business situational awareness.
Change Management and Security
The manager will be able to identify the signs of poor change management, understand the risks to the organization, and develop a program to improve operations.
Computer and Network Addressing
The manager will demonstrate an understanding of how computers have a variety of names and addresses on a network, and why these must be managed.
Cryptography Algorithms and Concepts
The manager will demonstrate an understanding of several cryptographic algorithms and the concepts behind secure ciphers.
Cryptography Applications, VPNs and IPSec
The manager will demonstrate an understanding of how cryptography can be used to secure a network and how Pretty Good Privacy (PGP) works, and be introduced to VPNs, IPSec and Public Key Infrastructure (PKI).
Cryptography Fundamentals
The manager will demonstrate a basic understanding of the fundamental terminology and concepts of cryptography.
Defense-in-Depth
The manager will demonstrate an understanding of the terminology and concepts of Risk and Defense-in-Depth, including threats and vulnerabilities.
Defensive OPSEC
The manager will demonstrate an understanding of what OPSEC is and the techniques used in defensive Operational Security.
Disaster Recovery / Contingency Planning
The manager will be able to lead the BCP/DRP team and realistically plan for Business Continuity and Disaster Recovery.
DNS
The manager will demonstrate an understanding of how the Domain Name System (DNS) works, common attacks against DNS, and what can be done to defend against those attacks.
Endpoint Security
The manager will demonstrate an understanding of the issues related to defending Windows desktops and laptops.
Facilities and Physical Security
The manager will demonstrate the ability to articulate the needs of the information technology and security program to the parts of the organization responsible for facilities and physical security.
General Types of Cryptosystems
The manager will demonstrate an understanding of the three general types of cryptosystems.
Honeypots, Honeynets, Honeytokens, Tarpits
The manager will demonstrate an understanding of basic honeypot techniques and common tools used to set up honeypots.
Incident Handling and the Legal System
The manager will demonstrate an understanding of the basic legal issues in incident and evidence handling.
Incident Handling Foundations
The manager will demonstrate an understanding of the concepts of incident handling and the six-step incident handling process.
Information Warfare
The manager will demonstrate familiarity with the theory and techniques of information warfare.
IP Terminology and Concepts
The manager will demonstrate an understanding of the terminology and concepts of IP protocols and how they support the Internet.
Logging
The manager will demonstrate an understanding of how logging works, the options for log collection and processing, and the uses of correlation technology.
Malicious Software
The manager will demonstrate an ability to articulate what malicious code is, the common types of malicious code, how it propagates, and why it is such an expensive problem.
Manager's Guide to Assessing a Network Engineer
The manager will be able to assess the ability of a network engineer to understand network traffic.
Managerial Wisdom
The manager will demonstrate knowledge of the most effective business techniques from the most acclaimed books.
Managing Ethics
The manager will demonstrate familiarity with ethical issues and guidelines pertaining to IT security.
Managing Intellectual Property
The manager will be able to identify and protect intellectual property and intangible assets.
Managing IT Business and Program Growth in a Globalized Marketplace
The manager will demonstrate an understanding of the key factors affecting globalization and the fundamental principles of managing an IT business and achieving sustainable growth.
Managing Legal Liability
The manager will demonstrate an understanding of how to use due diligence to manage an organization's legal liability with emphasis on fraud and IT issues.
Managing Negotiations
The manager will demonstrate familiarity with guidelines for sound negotiation practices.
Managing PDA Infrastructure
The manager will understand the critical issues related to data stored on Personal Digital Assistant devices.
Managing Privacy
The manager will demonstrate an understanding of the privacy concerns that customers typically have and solutions that can be used to maintain privacy of data.
Managing Security Policy
The manager will be able to assess current policy, identify the overall security posture of the organization, ensure that existing policy is applicable to the organization's needs, and modify policy as required.
Managing Software Security
The manager will demonstrate the ability to build security into the software development process.
Managing Technical People
The manager will demonstrate an understanding of techniques that can be used to communicate with and manage technical staff.
Managing the Mission
The manager will demonstrate an understanding of how mission statements and policy keep organizations on track and how security relates to the mission.
Managing the Procurement Process
The manager will demonstrate knowledge of the management responsibility for vendor selection through the primary phases of the procurement process, and how to provide oversight of requirements analysis, price paid, and analysis of ROI.
Managing the Total Cost of Ownership
The manager will demonstrate an understanding of how to apply TCO to analyze proposed solutions over their entire life cycle as well as be able to identify main areas of cost for a given project.
Methods of Attack
The manager will demonstrate an introductory understanding of the most common attack methods and the basic strategies used to mitigate those threats.
Offensive OPSEC
The manager will demonstrate an understanding of OPSEC principles and offensive OPSEC techniques.
Project Management For Security Leaders
The manager will demonstrate familiarity with the terminology, concepts and five phases of project management and the role of a Project Management Office in IT/IT Security.
Quality
The manager will demonstrate an understanding of the basics of continuous product improvement and Deming's 14 points.
Risk Management and Auditing
The manager will demonstrate the ability to evaluate and manage risk.
Safety
The manager will demonstrate the ability to articulate the needs of the information technology and security program to the parts of the organization responsible for safety.
Security and Organizational Structure
The manager will demonstrate an understanding of how security integrates into organizational structure and be familiar with guidelines for recruiting and hiring IT staff.
Security Frameworks
The manager will demonstrate an understanding of the basic structure and approach to implementation of COBIT and ISO 27002 as well as practical tools to help implement the standards.
Selling Security
The manager will demonstrate understanding of how to promote security improvements to other managers within their organization.
Steganography
The manager will demonstrate an understanding of the concepts and techniques behind steganography, steganographic tools and defensive techniques.
The Intelligent Network
The manager will demonstrate an understanding of the differences between a typical traditional network design and the new components that are part of an intelligent network.
The Network Infrastructure
The manager will demonstrate an understanding of, and the ability to communicate, the fundamental technologies and concepts that describe LAN and WAN network infrastructure.
Vulnerability Management - Inside View
The manager will demonstrate an understanding of common approaches used to gather network intelligence from organizations using commonly available tools and methods directly from the system.
Vulnerability Management - Outside View
The manager will demonstrate an understanding of common approaches used to gather network intelligence from organizations using commonly available tools and methods across a network.
Vulnerability Management - User View
The manager will be able to factor in the impact the user can have on an organization's risk posture.
Web Communications and Security
The manager will demonstrate an introductory understanding of web application communications, security issues, and defenses.
Wireless Advantages and Bluetooth
The manager will demonstrate an understanding of the advantages that make wireless technology ubiquitous and be introduced to Bluetooth wireless technology.

Where to Get Help

Training is available from a variety of resources, including online courses, course attendance at a live conference, and self-study.

Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.

Finally, college level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.