Global Industrial Cyber Security Professional (GICSP)
GICSP now approved under DoDD 8570 guidelines.GICSP: Certifying ICS Security Essentials for Engineering, Operating Technology and Cyber
The GICSP bridges together IT, engineering and cyber security to achieve security for industrial control systems from design through retirement. This unique vendor-neutral, practitioner focused industrial control system certification is a collaborative effort between GIAC and representatives from a global industry consortium involving organizations that design, deploy, operate and/or maintain industrial automation and control system infrastructure. GICSP will assess a base level of knowledge and understanding across a diverse set of professionals who engineer or support control systems and share responsibility for the security of these environments.
GIAC Global Industrial Cyber Security Professional (GICSP) certification now meets the requirements of the DoD Manual 8570.01 "Information Assurance Workforce Improvement Program" and is approved for the Department of Defense (DoD) Computer Network Defense Analyst (CND-A), Computer Network Defense Infrastructure Support (CND-IS) and Information Assurance Technical Level II (IAT Level II) workforce categories.
The approval of GICSP for DoDD 8570 effects any full or part-time military service member, contractor, or local nationals with privileged access to a DoD information system performing information assurance (security) functions -- regardless of job or occupational series, requiring an approved certification for their particular job classification.
This certification will be leveraged across industries to ensure a minimum set of knowledge and capabilities that IT, Engineer, and Security professionals should know if they are in a role that could impact the cyber security of an ICS environment.
*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*
- 1 proctored exam
- 115 questions
- Time limit of 3 hours
- Minimum Passing Score of 69%
Certifications must be renewed every 4 years. Click here for details.
NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.
- Certified Professionals (GICSP)
- Exam Feedback Procedure
- Feedback Procedure
- Proctored exam procedure
- SANS Information Security Reading Room
Bulletin (Part 2 of Candidate Handbook)
Exam Certification Objectives & Outcome Statements
The topic areas for each exam part follow:
- Access Management
- Knowledge of access control models, directory services and knowledge of user access management
- Configuration/Change Management - change management, baselines, equipment connections, and auditing
- Knowledge of change management, baselines, equipment connections, and configuration auditing
- Configuration/Change Management-software updates
- Knowledge of distribution and installation of patches, knowledge of software reloads and firmware management
- Cybersecurity Essentials for ICS - attacks and incidents
- Knowledge of attacks and incidents (e.g., man in the middle, spoofing, social engineering, denial of service, denial of view, data manipulating, session hijacking, foreign software, unauthorized access)
- Cybersecurity Essentials for ICS - availability
- Knowledge of availability (e.g., health and safety, environmental, productivity)
- Cybersecurity Essentials for ICS - cryptographics
- Knowledge of cryptographics (e.g., encryption, digital signatures, certificate management, PKI, public versus private key, hashing, key management, resource constraints)
- Cybersecurity Essentials for ICS - security tenets
- Knowledge of security tenets (e.g., CIA, non-repudiation, least privilege, separation of duties)
- Cybersecurity Essentials for ICS - threats
- Knowledge of threats (e.g., nation states, general criminals, inside and outside malicious attackers, hacktivists, inside non-malicious)
- Disaster Recovery and Business Continuity
- Knowledge of system backup & restoration
- ICS Architecture - Communication Mediums
- Knowledge of communication medium and external network communications
- ICS Architecture - field device architecture
- Knowledge of field device architecture (e.g., relays, PLC, switch, process unit)
- ICS Architecture - industrial protocols
- Knowledge of industrial protocols (e.g., modbus, modbus TCP, DNP3, Ethernet/IP, OPC)
- ICS Architecture - network protocols
- Knowledge of network protocols (e.g., DNS, DHCP, TCP/IP)
- ICS Architecture - network segmentation
- network segmentation (e.g., partitioning, segregation, zones and conduits, reference architectures, network devices and services, data diodes, DMZs)
- ICS Architecture - wireless security
- wireless security (e.g., WIFI, wireless sensors, wireless gateways, controllers)
- ICS Modules and Elements Hardening - application security
- Knowledge of application security (e.g., database security)
- ICS Modules and Elements Hardening - embedded devices
- Knowledge of embedded device (e.g., PLCs, controllers, RTU, analyzers, meters, aggregators, security issues, default configurations)
- ICS Modules and Elements Hardening - network security/hardening
- Knowledge of network security/hardening (e.g., switchport security)
- ICS Modules and Elements Hardening - OS security
- Knowledge of OS security (unix/linux, windows, least privilege security, virtualization)
- ICS Modules and Elements Hardening-Configuration and endpoint hardening
- Knowledge of anti-malware implementation, updating, monitoring, and sanitization. Knowledge of end point protection including user workstations and mobile devices
- ICS Security Assessments - security tools
- security testing tools (e.g., packet sniffer, port scanner, vulnerability scanner)
- ICS Security Assessments-assessments & testing
- Knowledge of device testing (e.g., communication robustness, fuzzing) (e.g., risk, criticality, vulnerability, attack surface analysis, supply chain), Knowledge of penetration testing and exploitation, Knowledge of security assessment
- ICS Security Governance and Risk Management - risk management
- Knowledge of risk management (e.g., PHA/hazop usage, risk acceptance, risk/mitigation plan)
- ICS Security Governance and Risk Management - security policies and procedures development
- Knowledge of security policies and procedures development (e.g., exceptions, exemptions, requirements, standards)
- ICS Security Monitoring - Logging
- Knowledge of event, network, and security logging, including knowledge of archiving logs
- ICS Security Monitoring - Monitoring
- Knowledge of event, network, and security monitoring
- Incident Management
- Knowledge of incident recognition and triage (e.g., log analysis/event correlation, anomalous behavior, intrusion detection, egress monitoring, IPS), knowledge of incident remediation/recovery, and knowledge of incident response (e.g., recording/reporting, forensic log analysis, containment, incident response team, root cause analysis, eradication/quarantine)
- Industrial Control Systems - basic process control systems
- Knowledge of basic process control systems (e.g., RTU, PLC, DCS, SCADA, metering/telemetry, ethernet I/O, buses, Purdue (ISA 95))
- Industrial Control Systems - safety and protection systems
- Knowledge of safety and protection systems (e.g., SIS, EMS, leak detection, FGS, BMS, vibration monitoring)
- Physical Security
- Knowledge of physical security
Where to Get Help
Training is available from a variety of resources including on line, course attendance at a live conference, and self study.
Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.
Finally, college level courses or study through another program may meet the needs for mastery.
The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.