Global Information Assurance Certification

GIAC
Founded 1999
Type for-profit
Focus Cybersecurity, Information Security, Software Security
Area served Worldwide
Services Professional Certifications
Owner SANS
Website www.giac.org

Global Information Assurance Certification (GIAC) is an information security certification entity that specializes in technical and practical certification as well as new research in the form of its GIAC Gold program. SANS Institute founded the certification entity in 1999 and the term GIAC is trademarked by The Escal Institute of Advanced Technologies.


GIAC provides a set of vendor-neutral computer security certifications linked to the training courses provided by SANS. GIAC focuses on leading-edge technological advances in IT security in order to keep ahead of "black hat" techniques. Papers written by individuals pursuing GIAC certifications are presented at the SANS Reading Room on GIAC's website.

Initially, all SANS GIAC certifications required a written paper or "practical" on a specific area of the certification in order to achieve the certification. In April 2005, the SANS organization changed the format of the certification by breaking it into two separate levels. The "silver" level certification is achieved upon completion of a multiple-choice exam. The "gold" level certification can be obtained by completing a research paper and has the silver level as a prerequisite.

As of August 27, 2022, GIAC has granted 173,822 certifications worldwide. [1]

SANS GIAC Certifications

Certifications listed as 'unavailable' are not listed in official SANS or GIAC sources, and are found elsewhere. They are not the same as retired courses. [2]

Cyber Defense

| Code | Name | Associated SANS Course [3] | Status |
|---|---|---|---|
| GFACT | GIAC Foundational Cybersecurity Technologies | SEC275 | |
| GISF | GIAC Information Security Fundamentals | SEC301 | |
| GSEC | GIAC Security Essentials Certification | SEC401 | |
| GSOC | GIAC Security Operations Certified | SEC450 | |
| GOSI | GIAC Open Source Intelligence | SEC487 | |
| GCED | GIAC Certified Enterprise Defender | SEC501 | |
| GCIA | GIAC Certified Intrusion Analyst | SEC503 | |
| GCWN | GIAC Certified Windows Security Administrator | SEC505 | |
| GMON | GIAC Continuous Monitoring Certification | SEC511 | |
| GDSA | GIAC Defensible Security Architecture | SEC530 | |
| GCDA | GIAC Certified Detection Analyst | SEC555 | |
| GCCC | GIAC Critical Controls Certification [4] | SEC566 | |
| GDAT | GIAC Defending Advanced Threats | SEC599 | |
| GSIP | GIAC Secure Internet Presence | SEC615 [5] | Unavailable |
| GSOC | GIAC Securing Oracle Certification | | Retired |

Penetration Testing

| Code | Name | Associated SANS Course | Status |
|---|---|---|---|
| GEVA | GIAC Enterprise Vulnerability Assessor | SEC460 | |
| GCIH | GIAC Certified Incident Handler | SEC504 | |
| GWAPT | GIAC Certified Web Application Penetration Tester | SEC542 | |
| GPEN | GIAC Penetration Tester | SEC560 | |
| GCPN | GIAC Cloud Penetration Tester | SEC588 | |
| GPYC | GIAC Python Coder | SEC573 | |
| GMOB | GIAC Mobile Device Security Analyst | SEC575 | |
| GAWN | GIAC Assessing Wireless Networks | SEC617 | |
| GXPN | GIAC Exploit Researcher and Advanced Penetration Tester | SEC660 | |

| Code | Name | Associated SANS Course | Status |
|---|---|---|---|
| GSAE | GIAC Security Audit Essentials | AUD410 [6] | Unavailable |
| G7799 | GIAC Certified ISO-17799 Specialist | AUD411 [7] | Unavailable |
| GSNA | GIAC Systems and Network Auditor | AUD507 | |
| GISP | GIAC Information Security Professional | MGT414 | |
| GSLC | GIAC Security Leadership Certification | MGT512 | |
| GSOM | GIAC Security Operations Manager | MGT552 | |
| GCSC | GIAC Certified Security Consultant | MGT513 [8] | Unavailable |
| GSTRT | GIAC Strategic Planning, Policy, and Leadership | MGT514 | |
| GCPM | GIAC Certified Project Manager | MGT525 | |
| GLEG | GIAC Legal Issues | | Abeyance |
| G2700 | GIAC Certified ISO-27000 Specialist | | Retired |

Operations

| Code | Name | Status |
|---|---|---|
| GOEC [citation needed] | GIAC Operations Essentials Certification | Retired |

Developer

| Code | Name | Associated SANS Course | Status |
|---|---|---|---|
| GWEB | GIAC Certified Web Application Defender | SEC522 | formerly DEV522 [9] |
| GPCS | GIAC Public Cloud Security | SEC510 | |
| GCSA | GIAC Cloud Security Automation | SEC540 | |
| GNET | GIAC .Net | | Retired |
| GSSP C | GIAC Secure Software Programmer C | | Retired |

Incident Response and Forensics

| Code | Name | Associated SANS Course | Status |
|---|---|---|---|
| GBFA | GIAC Battlefield Forensics and Acquisition | FOR498 | |
| GCFE | GIAC Certified Forensic Examiner | FOR500 | |
| GCFA | GIAC Certified Forensic Analyst | FOR508 | |
| GCFR | GIAC Cloud Forensics Responder | FOR509 | |
| GIME | GIAC iOS & Mac Examiner | FOR518 | |
| GNFA | GIAC Certified Network Forensic Analyst | FOR572 | |
| GCTI | GIAC Cyber Threat Intelligence | FOR578 | |
| GASF | GIAC Advanced Smartphone Forensics | FOR585 | |
| GREM | GIAC Certified Reverse Engineering Malware | FOR610 | |

Industrial Control Systems

| Code | Name | Associated SANS Course | Status |
|---|---|---|---|
| GICSP | GIAC Global Industrial Cybersecurity Professional | ICS410 | |
| GCIP | GIAC Critical Infrastructure Protection | ICS456 | |
| GRID | GIAC Response and Industrial Defense | ICS515 | |

GSE

| Code | Name | Status |
|---|---|---|
| GSE | GIAC Security Expert | |
| GSE-Malware | GIAC Security Expert in Malware | Retired [10] |
| GSE-Compliance | GIAC Security Expert in Compliance | Retired [10] |

Unobtainable Certifications

The following certifications are no longer issued.

| Code | Name | Associated SANS Course | Status |
|---|---|---|---|
| GCUX | GIAC Certified UNIX Security Administrator | SEC506 | Unobtainable [11] |
| GPPA | GIAC Certified Perimeter Protection Analyst | | Unobtainable. [12] Formerly GCFW (Certified Firewall Analyst) |
| GSSP-JAVA | GIAC Secure Software Programmer Java | DEV541 | Unobtainable [13] |
| GSSP-.NET | GIAC Secure Software Programmer .NET | DEV544 | Unobtainable [14] |

Notes

  1. "Global Information Assurance Certification". Global Information Assurance Certification. Retrieved 2022-08-27.
  2. "Retired GIAC Certifications". www.giac.org. Retrieved 2020-08-11.
  3. "Cyber Security Courses | SANS Institute". www.sans.org. Retrieved 2020-08-11.
  4. "GIAC Critical Controls Certification". Global Information Assurance Certification. Retrieved 2014-11-18.
  5. "GSIP - GIAC Secure Internet Presence". www.certification.info. Retrieved 2020-08-11.
  6. "GSAE - GIAC Security Audit Essentials". www.certification.info. Retrieved 2020-08-11.
  7. "G7799 - GIAC Certified ISO-17799". www.certification.info. Retrieved 2020-08-11.
  8. "GCSC - GIAC Certified Security Consultant". www.certification.info. Retrieved 2020-08-11.
  9. "DEV522: Defending Web Applications". www.sans.org. Retrieved 2020-08-11.
  10. "GSE specializations". Archived from the original on 2016-03-03.
  11. "GIAC Certified Unix System Administrator | Cybersecurity Certification". www.giac.org. Retrieved 2020-08-11.
  12. "GIAC Certified Perimeter Protection Analyst | GPPA Certification". www.giac.org. Retrieved 2020-08-11.
  13. "GIAC Secure Software Programmer Java | Cybersecurity Certification". www.giac.org. Retrieved 2020-08-11.
  14. "GIAC Secure Software Programmer .NET | Cybersecurity Certification". www.giac.org. Retrieved 2020-08-11.


Related Research Articles

Security engineering is the process of incorporating security controls into an information system so that the controls become an integral part of the system’s operational capabilities. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but it has the added dimension of preventing misuse and malicious behavior. Those constraints and restrictions are often asserted as a security policy.

SANS Institute American security company

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. As of 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.

CISSP is an independent information security certification granted by the International Information System Security Certification Consortium, also known as ISC2.

In the context of software engineering, software quality refers to two related but distinct notions:

ISACA is an international professional association focused on IT governance. On its IRS filings, it is known as the Information Systems Audit and Control Association, although ISACA now goes by its acronym only. ISACA currently offers 8 certification programs, as well as other micro-certificates.

Information security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

Certification Formal confirmation of certain characteristics of an object, person or organization

Certification is part of testing, inspection and certification and the provision by an independent body of written assurance that the product, service or system in question meets specific requirements. It is the formal attestation or confirmation of certain characteristics of an object, person, or organization. This confirmation is often, but not always, provided by some form of external review, education, assessment, or audit. Accreditation is a specific organization's process of certification. According to the U.S. National Council on Measurement in Education, a certification test is a credentialing test used to determine whether individuals are knowledgeable enough in a given occupational area to be labeled "competent to practice" in that area.

A chief information security officer (CISO) is a senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance. The CISO is also responsible for protecting proprietary information and assets of the company, including the data of clients and consumers. CISO works with other executives to make sure the company is growing in a responsible and ethical manner.

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

Giac or GIAC may refer to:

EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.

Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.

The Computing Technology Industry Association, more commonly known as CompTIA, is an American non-profit trade association that issues professional certifications for the information technology (IT) industry. It is considered one of the IT industry's top trade associations.

ISC2 Non-profit IT cybersecurity organization

The International Information System Security Certification Consortium, or ISC2, is a non-profit organization which specializes in training and certifications for cybersecurity professionals. It has been described as the "world's largest IT security organization". The most widely known certification offered by ISC2 is the Certified Information Systems Security Professional (CISSP) certification.

The United Kingdom has a diverse cyber security community, interconnected in a complex network.

Egress Software Technologies Ltd is a UK-based software company providing security software for e-mail, secure messaging, Document and Email Classification, and associated technologies to assist secure file sharing and handling.

Code Dx, Inc. was an American software technology company active from 2015 to 2021. The company's flagship product, Code Dx, is a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. In 2021, the company was acquired by Synopsys.

Statement on Standards for Attestation Engagements no. 18 is a Generally Accepted Auditing Standard produced and published by the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board. Though it states that it could be applied to almost any subject matter, its focus is reporting on the quality of financial reporting. It pays particular attention to internal control, extending into the controls over information systems involved in financial reporting. It is intended for use by Certified Public Accountants performing attestation engagements, the preparation of a written opinion about a subject, and the client organizations preparing the reports that are the subject of the attestation engagement. It prescribes three levels of service: examination, review, and agreed-upon procedures. It also prescribes two types of reports: Type 1, which includes an assessment of internal control design, and Type 2, which additionally includes an assessment of the operating effectiveness of controls. Published April 2016, SSAE 18 and all previous standards it supersedes are represented in section AT-C of the AICPA Professional Standards, with most sections becoming effective on May 1, 2017.

PSA Certified

Platform Security Architecture (PSA) Certified is a security certification scheme for Internet of Things (IoT) hardware, software and devices. It was created by Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure, TrustCB and UL as part of a global partnership.