Cyber Security Certification: GSLC


The GIAC Security Leadership (GSLC) certification validates a practitioner's understanding of governance and technical controls focused on protecting, detecting, and responding to security issues. GSLC certification holders have demonstrated knowledge of data, network, host, application, and user controls along with key management topics that address the overall security lifecycle.

Requirements

Note: GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GSLC exam has been determined to be 65% for all candidates receiving access to their certification attempts on or after April 15, 2019. To verify the format and passing point of your specific certification attempt, read the Certification Information found in your account at https://exams.giac.org/pages/attempts.

Delivery

NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.


Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Cryptographic Applications
The candidate will demonstrate an understanding of using symmetric, asymmetric, and hashing algorithms to secure data in transit or at rest, as well as the importance of PKI and key management
Cryptography Concepts for Managers
The candidate will demonstrate knowledge of common cryptographic terminology, and an understanding of how symmetric, asymmetric, and hashing encryption works
Incident Response and Business Continuity
The candidate will demonstrate an understanding of the phases of incident response and the business continuity process
Managing a Security Operations Center
The candidate will demonstrate an understanding of the components, structure, and management of a Security Operations Center (SOC)
Managing Application Security
The candidate will demonstrate an understanding of the top threats to application code and software-based infrastructure, as well as integrating security into the software development lifecycle and DevOps processes
Managing Negotiations and Vendors
The candidate will demonstrate an understanding of effective negotiation and vendor management techniques
Managing Projects
The candidate will demonstrate an understanding of the terminology, concepts, and phases of project management
Managing Security Architecture
The candidate will demonstrate an understanding of security architecture concepts, including cloud-based architecture, and how to apply trust models
Managing Security Awareness
The candidate will demonstrate an understanding of how to assess an organization's human risks and build a security awareness program that can mature with the organization's security program
Managing Security Policy
The candidate will demonstrate an understanding of the role played by security policies, standards, guidelines, processes, and baselines in meeting an organization's security needs and risk appetite
Managing System Security
The candidate will demonstrate an understanding of the phases of a system attack, common types of attacks and malicious code, and the strategies used to mitigate those attacks
Managing the Program Structure
The candidate will be able to design a security program with an understanding of organizational culture and reporting structures, program governance, and hiring and retaining a security team
Network Monitoring for Managers
The candidate will demonstrate an understanding of centralized logging and monitoring strategies and tools
Network Security and Privacy
The candidate will demonstrate an understanding of network layer protocols and their relationship to network security and privacy concerns, as well as the ability to identify PII and security controls for protecting network data
Networking Concepts for Managers
The candidate will demonstrate an understanding of protocols, vulnerabilities, attacks, and security controls at each layer of the OSI model
Risk Management and Security Frameworks
The candidate will demonstrate the ability to evaluate and manage risk in alignment with business objectives and to adopt security frameworks and risk management techniques to help mature the security program
Vulnerability Management
The candidate will demonstrate an understanding of how to build a vulnerability management program for identifying, prioritizing, and remediating both technical and physical system vulnerabilities

*No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*
