Global Information Assurance Certifications and Training

Global Information Assurance Certification (GIAC) was formed in 1999 in order to create a certifying body for information technology (IT) professionals working in the field of information security. The first GIAC certifications were awarded in 2000, and the program has since grown into an industry leader, with over 50,000 certifications awarded to date.

Types of certifications available

The GIAC certification roadmap is divided into four difficulty levels: Introductory, Intermediate, Advanced and Expert. Each contains one or more certifications in the following industry tracks:

• Security Administration
• Management
• Audit
• Forensics
• Legal
• Software Security

List of GIAC certifications

The following list is divided by level of difficulty, and includes the name of each certification, its related industry track, and a brief description of what discipline it covers.

Introductory Certifications

• GIAC Information Security Fundamentals (GISF) — The only Introductory-level designation; it covers the foundation knowledge of information security

Intermediate Certifications

• GIAC Security Essentials Certification (GSEC) — Security Administration certification for candidates who are ready to start hands-on information security work
• GIAC Information Security Professional (GISP) — Management certification that covers advanced information security education for IT managers
• GIAC Certified ISO-27000 Specialist (G2700) — Management certification covering how to implement an information security framework based on the ISO-27000 standards
• GIAC Certified Forensics Examiner (GCFE) — Forensics certification for candidates who want to perform computer forensic analysis on Windows-based systems

Advanced Certifications

• GIAC Certified Perimeter Protection Analyst (GPPA) — Security Administration certification covering firewalls and other network perimeter security defenses
• GIAC Certified Intrusion Analyst (GCIA) — Security Administration certification for candidates who monitor and analyze networks with intrusion detection systems
• GIAC Certified Incident Handler (GCIH) — Security Administration certification covering security incident handling including detection, response and resolution phases
• GIAC Certified UNIX Security Administrator (GCUX) — Security Administration certification for UNIX and Linux security admins
• GIAC Certified Windows Security Administrator (GCWN) — Security Administration certification for admins responsible for securing Windows clients and servers
• GIAC Certified Enterprise Defender (GCED) — Security Administration certification that builds on the knowledge from the GSEC certification, covering more advanced topics
• GIAC Certified Penetration Tester (GPEN) — Security Administration certification for “white hat” hackers who test networks for security vulnerabilities
• GIAC Web Application Penetration Tester (GWAPT) — Security Administration certification for “white hat” hackers who test websites and web applications for security holes
• GIAC Security Leadership Certification (GSLC) — Management certification for security pros who supervise or manage information security staff
• GIAC Certified Project Manager Certification (GCPM) — Management certification for information security project leaders
• GIAC Secure Software Programmer – .NET (GSSP-NET) — Software Security certification for developers creating secure applications using Microsoft’s .NET framework
• GIAC Secure Software Programmer – Java (GSSP-JAVA) — Software Security certification for developers creating secure applications using the Java programming language
• GIAC Systems and Network Auditor (GSNA) — Audit certification for candidates responsible for performing audits of networks and other information systems
• GIAC Certified Forensic Analyst (GCFA) — Forensics certification more advanced than the GCFE, covering computer forensics and incident response skills
• GIAC Law of Data Security and Investigations (GLEG) — Legal certification that focuses on the laws and legal issues centered around information security, including identity fraud and cybercrime

Expert Certifications

• GIAC Assessing Wireless Networks (GAWN) — Security Administration certification for wireless networking security experts
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) — Security Administration certification for candidates looking for a more advanced version of the GPEN designation
• GIAC Reverse Engineering Malware (GREM) — Forensics certification for malware analysts who can reverse engineer malicious code as part of an investigation or incident response
• GIAC Security Expert (GSE) — The most advanced GIAC certification offered, candidates must pass a standard multiple-choice exam and a lab exam to earn this designation

Information about exams

GIAC certification exams are booked through the main GIAC website and taken online through Pearson VUE testing centers. They consist of a number of multiple-choice questions, and candidates have anywhere from one to four hours (depending on the certification) to complete the exam. Tests are “open-book,” meaning that exam takers can bring in reference books, notes and other handwritten materials. However, no electronic devices of any kind are permitted in the examination room.