The GIAC Information Security Professional (GISP) certification is a practitioner-level certification designed for security professionals aiming to understand the key concepts covered in the CISSP® exam by (ISC)². GISP certification holders demonstrate knowledge across eight cybersecurity domains: Asset Security, Communications and Network Security, Identity and Access Management, Security and Risk Management, Security Assessment and Testing, Security Engineering, Security Operations, and Software Development Security.
Key Information:
- Exam Format: The certification exam is a proctored test consisting of 250 questions to be completed within 5 hours. A minimum passing score of 70% is required.
- Areas Covered: The certification spans eight domains, covering various aspects of cybersecurity.
- Target Audience: The certification is suitable for security professionals, system administrators, security administrators, network administrators, and security managers.
- Delivery: All GIAC Certification exams are web-based and require proctoring, with options for remote proctoring through ProctorU and onsite proctoring through PearsonVUE.
- Exam Activation: Certification attempts are activated in the GIAC account post-approval, with candidates having 120 days from activation to complete the exam.
- Other Resources: Affiliate training is available to support preparation for the certification.
The GISP certification serves as a validation of a practitioner’s knowledge and skills in key cybersecurity domains, providing a recognized credential for those in various roles within the information security field.
The GIAC Information Security Professional (GISP) Exam Certification Objectives cover the following key domains:
- Asset Security:
  - Understand asset management and classification, including access controls, handling, and retention requirements.
- Communication and Network Security:
  - Understand network security, encompassing secure architecture, network protocols, security controls and devices, and common network attacks.
- Identity and Access Management (IAM):
  - Understand identity management concepts and controls, covering AAA, passwords, tokens, biometrics, federation, and common threats.
- Security and Risk Management:
  - Understand security risk management and business continuity practices, including legal and regulatory compliance, security policies, and governance principles.
- Security Architecture and Engineering:
  - Understand secure engineering architecture and implementation for systems in networked, web-based, and mobile environments.
  - Mitigate common vulnerabilities.
- Security Assessment and Testing:
  - Demonstrate the ability to design, perform, and analyze security tests.
- Security Operations:
  - Demonstrate an understanding of the managerial, administrative, and operational aspects of information security.
- Software Development Security:
  - Demonstrate an understanding of key security principles related to secure application development.
These objectives cover a broad spectrum of cybersecurity topics, from asset management to network security, identity management, risk management, secure architecture, security testing, operations, and software development security. The GISP certification aims to validate proficiency in these critical domains.
Difficulty: 3 out of 5.
I was required to earn my CISSP (yuck), but thankfully the powers that be were willing to pay for GISP as preparatory learning. Eric Conrad really helped me think like a manager, and while I don't want that kind of job, it still helps me understand those people and communicate in ways that actually reach them. That being said, I know plenty of people that read the 11th Hour along with other CISSP prep books and do fine.