Areas Covered
- Industrial control system components, purposes, deployments, significant drivers, and constraints
- Control system attack surfaces, methods, and tools
- Control system approaches to system and network defense architectures and techniques
- Incident-response skills in a control system environment
- Governance models and resources for industrial cybersecurity professionals
Who is GICSP for?
- ICS IT practitioners (includes operational technology support)
- ICS Security analysts (includes operational technology security)
- Security engineers
- Industry managers and professionals
- Vendors
GICSP with CyberLive
GIAC knows that cyber security professionals need:
- Discipline-specific certifications
- Practical testing that validates their knowledge and hands-on skills
In response to this industry-wide need, GIAC developed CyberLive - hands-on, real-world practical testing. CyberLive testing creates a lab environment where cyber practitioners prove their knowledge, understanding, and skill using:
- Actual programs
- Actual code
- Virtual machines
Exam Format
- 1 proctored exam
- 82 questions
- 3 hours
- Minimum passing score of 71%
Note: GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GICSP exam has been determined to be 71% for all candidates receiving access to their certification attempts on or after November 19th, 2018. To verify the format and passing point of your specific certification attempt, read the Certification Information found in your account at https://exams.giac.org/pages/attempts.
Delivery
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
- Hardening & Protecting Endpoints The candidate will be able to describe how to implement endpoint security software along with hardening and patching, to secure the Windows and Unix style operating systems commonly found in an ICS environment.
- ICS Components & Architecture The candidate will be able to categorize assets that comprise Purdue Reference Architecture levels zero through three and describe how they can be implemented in a securable architecture. The candidate will also be able to summarize the use of levels and zones in defining a secure ICS architecture, as well as the devices deployed at each level and zone.
- ICS Overview & Concepts The candidate will be able to summarize the function of high-level ICS processes as well as ICS roles and responsibilities. The candidate will also be able to compare and contrast high-level differences between ICS and IT, including physical security considerations.
- ICS Program & Policy Development The candidate will be able to summarize the steps and best practices used in building a security program and creating enforceable security policies for an ICS.
- Intelligence Gathering & Threat Modeling The candidate will be able to determine the threat landscape of an ICS and high-level concepts of threat modeling.
- PERA Level 0 & 1 Technology Overview and Compromise The candidate will be able to describe level 0 and level 1 devices and technologies and summarize how those devices and technologies are targeted and attacked.
- PERA Level 2 & 3 Technology Overview and Compromise The candidate will be able to describe level 2 and level 3 devices and technologies and summarize how those devices and technologies are targeted and attacked.
- Protocols, Communications, & Compromises The candidate will be able to describe the basic structures, protocols, and defense of communications within an ICS and summarize how they can be compromised. This includes TCP/IP as well as ICS specific protocols. The candidate will also be able to, at a basic level, describe the cryptography used to protect communications.
- Risk Based Disaster Recovery & Incident Response The candidate will be able to describe how risk is measured and how it can be used to inform disaster recovery and incident response.
- Wireless Technologies & Compromises The candidate will be able to summarize the different wireless communication technologies used in an ICS, how they are targeted, and how they can be defended.
Other Resources
- Training is available in a variety of modalities including live training and OnDemand.
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or self paced study through another program or materials may meet the needs for mastery.
- Get information about the procedure to contest exam results.
Practice Tests
- These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
- Practice exams are a gauge to determine if your preparation methods are sufficient.
- The practice bank questions are limited so you may encounter the same question on practice tests when multiple practice tests are purchased.
- Practice exams never include actual exam questions.
- Purchase a GICSP practice test here.
- GIAC recommends leveraging additional study methods for test preparation.
