GIAC Security Leadership (GSLC)

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Cryptographic Applications

The candidate will demonstrate an understanding of using symmetric, asymmetric, and hashing algorithms to secure data in transit or at rest, as well as the importance of PKI and key management

Cryptography Concepts for Managers

The candidate will demonstrate knowledge of common cryptographic terminology, and an understanding of how symmetric, asymmetric, and hashing encryption works

Incident Response and Business Continuity

The candidate will demonstrate an understanding of the phases of incident response and the business continuity process

Managing a Security Operations Center

The candidate will demonstrate an understanding of the components, structure, and management of a Security Operations Center (SOC)

Managing Application Security

The candidate will demonstrate an understanding of the top threats to application code and software-based infrastructure, as well as integrating security into the software development lifecycle and DevOps processes

Managing Negotiations and Vendors

The candidate will demonstrate an understanding of effective negotiation and vendor management techniques

Managing Projects

The candidate will demonstrate an understanding of the terminology, concepts, and phases of project management

Managing Security Architecture

The candidate will demonstrate an understanding of security architecture concepts, including cloud-based architecture, and how to apply trust models

Managing Security Awareness

The candidate will demonstrate an understanding of how to assess an organization’s human risks and build a security awareness program that can mature with the organization’s security program

Managing Security Policy

The candidate will demonstrate an understanding of the role played by security policies, standards, guidelines, processes, and baselines in meeting an organization’s security needs and risk appetite

Managing System Security

The candidate will demonstrate an understanding of the phases of a system attack, common types of attacks and malicious code, and the strategies used to mitigate those attacks

Managing the Program Structure

The candidate will be able to design a security program with an understanding of organizational culture and reporting structures, program governance, and hiring and retaining a security team

Network Monitoring for Managers

The candidate will demonstrate an understanding of centralized logging and monitoring strategies and tools

Network Security and Privacy

The candidate will demonstrate an understanding of network layer protocols and their relationship to network security and privacy concerns, as well as the ability to identity PII and security controls for protecting network data

Networking Concepts for Managers

The candidate will demonstrate an understanding of protocols, vulnerabilities, attacks, and security controls at each layer of the OSI model

Risk Management and Security Frameworks

The candidate will demonstrate the ability to evaluate and manage risk in alignment with business objectives and adopting security frameworks and risk management techniques to help mature the security program

Vulnerability Management

The candidate will demonstrate an understanding of how to build a vulnerability management program for identifying, prioritizing, and remediating both technical and physical system vulnerabilities

*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives’ knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*