Cyber Security Certification: GRID
GIAC Response and Industrial Defense (GRID)
The GRID certification is for professionals who want to demonstrate that they can perform Active Defense strategies specific to and appropriate for an Industrial Control System (ICS) network and systems. Candidates are required to demonstrate an understanding of the Active Defense approach, ICS-specific attacks, and how these attacks inform mitigation strategies. Candidates must also show an understanding of the strategies and fundamental techniques specific to core subjects with an ICS focus, such as network security monitoring (NSM) and digital forensics and incident response (DFIR).
Areas Covered
- Active Defense Concepts and Application, Detection and Analysis in an ICS environment
- Discovery and Monitoring in an ICS environment, ICS-focused Digital Forensics, and ICS-focused Incident Response
- Malware Analysis Techniques, Threat Analysis in an ICS environment, and Threat Intelligence Fundamentals
Who is GRID for?
- ICS Incident Response Team Leads and Members
- ICS and Operations Technology Security Personnel
- IT Security Professionals
- Security Operations Center (SOC) Team Leads and Analysts
- ICS Red Team and Penetration Testers
- Active Defenders
Requirements
- 1 proctored exam
- 75 questions
- Time limit of 2 hours
- Minimum Passing Score of 74%
Delivery
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
The topic areas for each exam part follow:
- Active Defense Concepts and Application
  - The candidate will demonstrate an understanding of the fundamental theories and process of active defense applied to ICS-related security. Additionally, the candidate will demonstrate an understanding of how well-known ICS attacks can inform security professionals today.
- Detection and Analysis in an ICS environment
  - The candidate will demonstrate an understanding of the tools and techniques used to analyze network security evidence from an industrial control system environment to perform packet, traffic, and file analysis.
- Discovery and Monitoring in an ICS environment
  - The candidate will understand the essential purposes and practices of asset and network monitoring and discovery within an ICS environment. Additionally, the candidate will be familiar with the methods and tools that can be used towards discovery and monitoring in an ICS environment.
- ICS-focused Digital Forensics
  - The candidate will demonstrate an understanding of the core concepts of digital forensics within an industrial control system environment and will be familiar with the process of determining how and when to initiate an examination of events. Additionally, the candidate will demonstrate an understanding of the tools and techniques to accomplish digital forensics.
- ICS-focused Incident Response
  - The candidate will demonstrate an understanding of the core concepts of incident response within an ICS environment and will be familiar with the process of determining how and when to initiate an examination of events. Additionally, the candidate will demonstrate an understanding of the tools and techniques to accomplish incident response.
- Malware Analysis Techniques
  - The candidate will demonstrate an understanding of the tools and techniques used by malware analysis engineers when examining unknown and potentially dangerous evidence. The candidate will be familiar with the process and tools used to extract information from various file system and network artifacts to recover and analyze malware samples.
- Threat Analysis in an ICS environment
  - The candidate will demonstrate an understanding of threat and malware analysis techniques using concepts such as indicators of compromise.
- Threat Intelligence Fundamentals
  - The candidate will demonstrate an understanding of threat intelligence concepts. Additionally, the candidate will be able to describe the mechanisms used to share threat intelligence and the standards used for the creation and use of threat intelligence.
*No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*
Other Resources
- Training is available in a variety of modalities, including live conference training, online, and self-study.
- Practical work experience can help ensure that you have mastered the skills necessary for certification.
- College-level courses or study through another program may meet the needs for mastery.
- The procedure to contest exam results can be found at https://www.giac.org/about/procedures/grievance.