Use this quick start guide to collect all the information about GIAC GCIP Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Critical Infrastructure Protection (GCIP) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual GIAC Critical Infrastructure Protection (GCIP) certification exam.
The GIAC GCIP certification is mainly targeted to those candidates who want to build their career in Industrial Control Systems Security domain. The GIAC Critical Infrastructure Protection (GCIP) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GCIP.
GIAC GCIP Exam Summary:
| Exam Name | GIAC Critical Infrastructure Protection (GCIP) |
| Exam Code | GCIP |
| Exam Price | $999 (USD) |
| Duration | 180 mins |
| Number of Questions | 75 |
| Passing Score | 70% |
| Books / Training | ICS456: Essentials for NERC Critical Infrastructure Protection |
| Schedule Exam | GIAC |
| Sample Questions | GIAC GCIP Sample Questions |
| Practice Exam | GIAC GCIP Certification Practice Exam |
GIAC GCIP Exam Syllabus Topics:
| Topic | Details |
|---|---|
| BES Cyber System Categorization | - Knowledge of Attachment 1 Criteria, Operational Effects and Impacts, NERC Functional Model, BES Reliability Operating Services, BES Cyber Asset Identification |
| Configuration Change Management and Vulnerability Assessments | - Knowledge of Change Management, Configuration Monitoring, Vulnerability Assessment, Transient Cyber Assets, Removable Media |
| Electronic Security Perimeter(s) | - Knowledge of Electronic Security Perimeter Architecture, External Routable Connectivity communication, Access Rules, Dial-Up, Malicious Communication Detection, Intermediate Systems and Interactive Remote Access, Multi-factor Authentication |
| Incident Reporting and Response Planning | - Knowledge of Incident Response Plan, Incident Response Plan Testing and Exercise, Incident Response Plan Reporting |
| Information Protection | - Knowledge of Information Protection Program, Identification, Classification, Protection, Disposal, Reuse |
| NERC CIP Terms and Definitions | - Knowledge of terms and definitions relevant to BES, NERC, and CIP |
| Personnel & Training | - Knowledge of Awareness Program, Cybersecurity Training Program, Personnel Risk Assessment, Access Management Program |
| Physical Security of BES Cyber Systems | - Knowledge of Physical Security Plan, Physical access controls, Visitor control program, Maintenance and Testing, Monitoring, Logging and Alerting |
| Recovery Plans for BES Cyber Systems | - Knowledge of Recovery Plan, Recovery Plan Testing and Exercise, Recovery Plan Reporting |
| Security Management Controls | - Knowledge of Senior Manager Requirements, Policies, Low facility Requirements |
| Standards Development | - Knowledge of Compliance Monitoring and Enforcement Program, Request For Interpretation, Standards Authorization Request, Urgent Action Request, Balloting, Violation Severity Level, Violation Risk Factor |
| Standards Enforcement | - Knowledge of Audit Prep, Enforcement Treatment, Reliability Standards Auditor Worksheet, Reliability Assurance Initiative, Interactive Remote Access, Internal Controls Evaluation |
| System Security Management | - Knowledge of Port and Service management, Patch Management, Malicious Code Prevention, System Logging, Authentication Requirements, Account management, Monitoring and Alerting |
To ensure success in GIAC GCIP certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for GIAC Critical Infrastructure Protection (GCIP) exam.