Cyber Security Certification: GCIP

Cyber Security Certification: GCIP
Individuals with CIP responsibilities in the following areas:

"The bulk electric system or "the grid" is arguably the most critical of the critical infrastructures demanding that personnel charged with supporting it, understand the impact of their actions and inactions with regard to system reliability, safety and security. The GIAC Critical Infrastructure Protection will help validate that the professionals who access, support and maintain the critical systems that keep the grid running have an understanding of the regulatory requirements of NERC CIP as well as practical implementation strategies to achieve both regulatory compliance and its cyber security objectives." -Ted Gutierrez, co-author of SANS ICS456: Essentials for NERC Critical Infrastructure Protection

Areas Covered on the GCIP

Click here to find affiliated training for GCIP now.

Target

Individuals with CIP responsibilities in the following areas:

Requirements

Delivery

NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.


Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

BES Cyber System Categorization
Knowledge of Attachment 1 Criteria, Operational Effects and Impacts, NERC Functional Model, BES Reliability Operating Services, BES Cyber Asset Identification
Configuration Change Management and Vulnerability Assessments
Knowledge of Change Management, Configuration Monitoring, Vulnerability Assessment, Transient Cyber Assets, Removable Media
Electronic Security Perimeter(s)
Knowledge of Electronic Security Perimeter Architecture, External Routable Connectivity communication, Access Rules, Dial-Up, Malicious Communication Detection, Intermediate Systems and Interactive Remote Access, Multi-factor Authentication
Incident Reporting and Response Planning
Knowledge of Incident Response Plan, Incident Response Plan Testing and Exercise, Incident Response Plan Reporting
Information Protection
Knowledge of Information Protection Program, Identification, Classification, Protection, Disposal, Reuse
NERC CIP Terms and Definitions
Knowledge of terms and definitions relevant to BES, NERC, and CIP
Personnel & Training
Knowledge of Awareness Program, Cybersecurity Training Program, Personnel Risk Assessment, Access Management Program
Physical Security of BES Cyber Systems
Knowledge of Physical Security Plan, Physical access controls, Visitor control program, Maintenance and Testing, Monitoring, Logging and Alerting
Recovery Plans for BES Cyber Systems
Knowledge of Recovery Plan, Recovery Plan Testing and Exercise, Recovery Plan Reporting
Security Management Controls
Knowledge of Senior Manager Requirements, Policies, Low facility Requirements
Standards Development
Knowledge of Compliance Monitoring and Enforcement Program, Request For Interpretation, Standards Authorization Request, Urgent Action Request, Balloting, Violation Severity Level, Violation Risk Factor
Standards Enforcement
Knowledge of Audit Prep, Enforcement Treatment, Reliability Standards Auditor Worksheet, Reliability Assurance Initiative, Interactive Remote Access, Internal Controls Evaluation
System Security Management
Knowledge of Port and Service management, Patch Management, Malicious Code Prevention, System Logging, Authentication Requirements, Account management, Monitoring and Alerting