Security Certification: GCIP

GIAC Critical Infrastructure Protection (GCIP)

SANS ICS456 Alumni will be eligible to challenge the GCIP exam. All alumni of ICS456 will receive a special offer email with a discount code once the exam is live to the public.

Description

"The bulk electric system or "the grid" is arguably the most critical of the critical infrastructures demanding that personnel charged with supporting it, understand the impact of their actions and inactions with regard to system reliability, safety and security. The GIAC Critical Infrastructure Protection will help validate that the professionals who access, support and maintain the critical systems that keep the grid running have an understanding of the regulatory requirements of NERC CIP as well as practical implementation strategies to achieve both regulatory compliance and its cyber security objectives." -Ted Gutierrez, co-author of SANS ICS456: Essentials for NERC Critical Infrastructure Protection

Areas Covered on the GCIP

  • BES Cyber System identification and strategies for lowering their impact rating
  • Nuances of NERC defined terms and CIP standards applicability
  • Strategic implementation approaches for supporting technologies
  • Recurring tasks and strategies for CIP program maintenance

Target

Individuals with CIP responsibilities in the following areas:
  • IT and OT (ICS) cyber security
  • Field support personnel
  • Security operations
  • Incident response
  • Compliance staff
  • Team leaders
  • Governance
  • Vendors / Integrators
  • Auditors

*No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*

Requirements

  • 1 proctored exam
  • 75 questions
  • Time limit of 3 hours
  • Minimum Passing Score of 70%

Renew

Certifications must be renewed every 4 years.

Delivery

NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.


Bulletin (Part 2 of Candidate Handbook)

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

  • BES Cyber System Categorization: Knowledge of Attachment 1 Criteria, Operational Effects and Impacts, NERC Functional Model, BES Reliability Operating Services, BES Cyber Asset Identification
  • Configuration Change Management and Vulnerability Assessments: Knowledge of Change Management, Configuration Monitoring, Vulnerability Assessment, Transient Cyber Assets, Removable Media
  • Electronic Security Perimeter(s): Knowledge of Electronic Security Perimeter Architecture, External Routable Connectivity communication, Access Rules, Dial-Up, Malicious Communication Detection, Intermediate Systems and Interactive Remote Access, Multi-factor Authentication
  • Incident Reporting and Response Planning: Knowledge of Incident Response Plan, Incident Response Plan Testing and Exercise, Incident Response Plan Reporting
  • Information Protection: Knowledge of Information Protection Program, Identification, Classification, Protection, Disposal, Reuse
  • NERC CIP Terms and Definitions: Knowledge of terms and definitions relevant to BES, NERC, and CIP
  • Personnel & Training: Knowledge of Awareness Program, Cybersecurity Training Program, Personnel Risk Assessment, Access Management Program
  • Physical Security of BES Cyber Systems: Knowledge of Physical Security Plan, Physical access controls, Visitor control program, Maintenance and Testing, Monitoring, Logging and Alerting
  • Recovery Plans for BES Cyber Systems: Knowledge of Recovery Plan, Recovery Plan Testing and Exercise, Recovery Plan Reporting
  • Security Management Controls: Knowledge of Senior Manager Requirements, Policies, Low facility Requirements
  • Standards Development: Knowledge of Compliance Monitoring and Enforcement Program, Request For Interpretation, Standards Authorization Request, Urgent Action Request, Balloting, Violation Severity Level, Violation Risk Factor
  • Standards Enforcement: Knowledge of Audit Prep, Enforcement Treatment, Reliability Standards Auditor Worksheet, Reliability Assurance Initiative, Interactive Remote Access, Internal Controls Evaluation
  • System Security Management: Knowledge of Port and Service management, Patch Management, Malicious Code Prevention, System Logging, Authentication Requirements, Account management, Monitoring and Alerting

Where to Get Help

Training is available from a variety of resources, including online, course attendance at a live conference, and self-study.

Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.

Finally, college-level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at https://www.giac.org/about/procedures/grievance.