Cyber Security Certification: GRID


The GRID certification is for professionals who want to demonstrate that they can perform Active Defense strategies specific to and appropriate for an Industrial Control System (ICS) network and systems. Candidates are required to demonstrate an understanding of the Active Defense approach, ICS-specific attacks, and how these attacks inform mitigation strategies. Candidates must also show an understanding of the strategies and fundamental techniques specific to core subjects with an ICS focus, such as network security monitoring (NSM) and digital forensics and incident response (DFIR).

Delivery

NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. For instructions, see How to Schedule Your GIAC Proctored Exam: http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.


Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Active Defense Concepts and Application
The candidate will demonstrate an understanding of the fundamental theories and process of active defense applied to ICS-related security. Additionally, the candidate will demonstrate an understanding of how well-known ICS attacks can inform security professionals today.
Detection and Analysis in an ICS environment
The candidate will demonstrate an understanding of the tools and techniques used to analyze network security evidence from an industrial control system environment to perform packet, traffic, and file analysis.
Discovery and Monitoring in an ICS environment
The candidate will understand the essential purposes and practices of asset and network monitoring and discovery within an ICS environment. Additionally, the candidate will be familiar with the methods and tools that can be used towards discovery and monitoring in an ICS environment.
ICS-focused Digital Forensics
The candidate will demonstrate an understanding of the core concepts of digital forensics within an industrial control system environment and will be familiar with the process of determining how and when to initiate an examination of events. Additionally, the candidate will demonstrate an understanding of the tools and techniques to accomplish digital forensics.
ICS-focused Incident Response
The candidate will demonstrate an understanding of the core concepts of incident response within an ICS environment and will be familiar with the process of determining how and when to initiate an examination of events. Additionally, the candidate will demonstrate an understanding of the tools and techniques to accomplish incident response.
Malware Analysis Techniques
The candidate will demonstrate an understanding of the tools and techniques used by malware analysis engineers when examining unknown and potentially dangerous evidence. The candidate will be familiar with the process and tools used to extract information from various file system and network artifacts to recover and analyze malware samples.
Threat Analysis in an ICS environment
The candidate will demonstrate an understanding of threat and malware analysis techniques using concepts such as indicators of compromise.
Threat Intelligence Fundamentals
The candidate will demonstrate an understanding of threat intelligence concepts. Additionally, the candidate will be able to describe the mechanisms used to share threat intelligence and the standards used for the creation and use of threat intelligence.

*No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*
