GIAC Response and Industrial Defense (GRID)
The GRID certification will be available on July 7, 2017
The necessity of identifying and protecting critical infrastructure, be it a public utility, a commercial manufacturing facility, or any other type of Industrial Control System (ICS), has moved from what once was a little-known topic to one that is a top priority for many organizations. The critical and unique challenges of these environments demand a specific approach and informed understanding to secure ICS-related assets and respond to the incidents they face.
The GRID certification is for professionals who want to demonstrate that they can perform Active Defense strategies specific to and appropriate for an Industrial Control System (ICS) network and systems. Candidates are required to demonstrate an understanding of the Active Defense approach, ICS-specific attacks and how these attacks inform mitigation strategies. Candidates must also show an understanding of the strategies and fundamental techniques specific to core subjects with an ICS focus, such as network security monitoring (NSM) and digital forensics and incident response (DFIR).
*No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*
- 1 proctored exam
- 75 questions
- Time limit of 2 hours
- Minimum Passing Score To Be Determined
Certifications must be renewed every 4 years.
NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.
Bulletin (Part 2 of Candidate Handbook)
Exam Certification Objectives & Outcome Statements
The topic areas for each exam part follow:
- Active Defense Concepts and Application
  - The candidate will demonstrate an understanding of the fundamental theories and process of active defense applied to ICS-related security. Additionally, the candidate will demonstrate an understanding of how well-known ICS attacks can inform security professionals today.
- Detection and Analysis in an ICS environment
  - The candidate will demonstrate an understanding of the tools and techniques used to analyze network security evidence from an industrial control system environment to perform packet, traffic, and file analysis.
- Discovery and Monitoring in an ICS environment
  - The candidate will understand the essential purposes and practices of asset and network monitoring and discovery within an ICS environment. Additionally, the candidate will be familiar with the methods and tools that can be used towards discovery and monitoring in an ICS environment.
- ICS-focused Digital Forensics
  - The candidate will demonstrate an understanding of the core concepts of digital forensics within an industrial control system environment and will be familiar with the process of determining how and when to initiate an examination of events. Additionally, the candidate will demonstrate an understanding of the tools and techniques to accomplish digital forensics.
- ICS-focused Incident Response
  - The candidate will demonstrate an understanding of the core concepts of incident response within an ICS environment and will be familiar with the process of determining how and when to initiate an examination of events. Additionally, the candidate will demonstrate an understanding of the tools and techniques to accomplish incident response.
- Malware Analysis Techniques
  - The candidate will demonstrate an understanding of the tools and techniques used by malware analysis engineers when examining unknown and potentially dangerous evidence. The candidate will be familiar with the process and tools used to extract information from various file system and network artifacts to recover and analyze malware samples.
- Threat Analysis in an ICS environment
  - The candidate will demonstrate an understanding of threat and malware analysis techniques using concepts such as indicators of compromise.
- Threat Intelligence Fundamentals
  - The candidate will demonstrate an understanding of threat intelligence concepts. Additionally, the candidate will be able to describe the mechanisms used to share threat intelligence and the standards used for the creation and use of threat intelligence.
Where to Get Help
Training is available from a variety of resources, including online courses, attendance at a live conference, and self-study.
Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.
Finally, college-level courses or study through another program may meet the needs for mastery.
The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.