All about the GIAC Global Industrial Cyber Security Professional (GICSP)

With the GICSP certification, professionals who design or support control systems and share responsibility for their security can demonstrate a basic level of understanding. This certification has no prerequisite requirements, but it is no walk in the park. A written test is required for all applicants and you can get prepared in a 5-day instructor-led course

https://www.readynez.com/en/training/courses/vendors/giac/gicsp-certification/

Prerequisites For The GICSP Exam

You'll need a basic understanding of computer networking and security concepts to succeed in this course. Understanding networking protocols, such as those covered by the CompTIA Network+ certification is also a requirement.

Who is GICSP Certification for?

• Professionals in the ICS IT field (includes operational technology support)
• Security experts at ICS (includes operational technology security)
• Security specialists
• Professionals and managers in the industry.

Exam Format For The GICSP

• One proctored exam
• A total of 115 questions
• 3 hours
• A passing grade of 71% is required.

GIAC reserves the right to alter the requirements for any certification at any time and without prior notice to the applicant or recipient. GICSP exam candidates who begin taking their certification exams on or after November 19th, 2018, will need to achieve a passing score of 71% based on a scientific study of passing points.

Exam Objectives and Outcome Statements

ICS Operating System Security Hardening

The candidate can describe how to secure Windows and Unix-like operating systems in an ICS environment. Endpoint security software, as well as hardening and patching are necessary.

Compromises and Communications in the ICS

They should be able to explain how communications in an industrial control system are structured and how they can be hacked. At a basic level, the candidate should also explain how cryptography protects communications.

Intelligence gathered by the ICS.

WHEN NECESSARY, an ICS threat landscape can be determined by investigating information leakage points and logs and honeypots.

ICS Level 0 and 1 Technology Overview and Compromise

The candidate should be able to describe and summarize devices and technologies at levels 0 and 1 and the methods used to target and attack those devices and technologies.

ICS Level 2 and 3 Technology Overview and Compromise

They should be able to describe and summarize level 2 and level 3 devices/technologies and their use in various attacks.

ICS Overview and Concepts

The candidate can summarize high-level assets in the Purdue model levels zero through three. The candidate will make SCADA versus DCS comparisons.

The fundamentals of ICS procurement, architecture, and design

By contrast, the candidate will be able to explain how ICS differs from more traditional IT structures. The candidate will demonstrate an understanding of how procurement and physical security can be integrated into an ICS network architecture that is secure and dependable. – Each level and zone of the secure ICS architecture, as well as the devices deployed at each level and zone, will be summarized by the candidate.

ICS Program and Policy Development

The candidate will summarize building and enforcing security policies for an ICS.

Compromises and Wireless ICS Technologies.

They should summarize the various wireless communication technologies used in an ICS, their target, and defense mechanisms.

Risk-Based Disaster Recovery and Incident Response.

Disaster recovery and incident response can be guided by the candidate's knowledge of risk measurement.