GIAC Security Leadership (GSLC)

What is GSLC?

The GIAC Security Leadership (GSLC) certification validates a practitioner’s understanding of governance and technical controls focused on protecting, detecting, and responding to security issues. GSLC certification holders have demonstrated knowledge of data, network, host, application, and user controls along with key management topics that address the overall security lifecycle.

Who Should Attend?

This course is designed for:

  • Information security managers
  • Security professionals with leadership responsibilities
  • IT and other managers

Learning Objectives

The topic areas for each exam part follow:

  • Cryptographic Applications: will demonstrate an understanding of using symmetric, asymmetric, and hashing algorithms to secure data in transit or at rest, as well as the importance of PKI and key management.
  • Cryptography Concepts for Managers: will demonstrate knowledge of common cryptographic terminology, and an understanding of how symmetric and asymmetric encryption and hashing work.
  • Incident Response and Business Continuity: will demonstrate an understanding of the phases of incident response and the business continuity process.
  • Managing a Security Operations Center: will demonstrate an understanding of the components, structure, and management of a Security Operations Center (SOC).
  • Managing Application Security: will demonstrate an understanding of the top threats to application code and software-based infrastructure, as well as integrating security into the software development lifecycle and DevOps processes.
  • Managing Negotiations and Vendors: will demonstrate an understanding of effective negotiation and vendor management techniques.
  • Managing Projects: will demonstrate an understanding of the terminology, concepts, and phases of project management.
  • Managing Security Architecture: will demonstrate an understanding of security architecture concepts, including cloud-based architecture, and how to apply trust models.
  • Managing Security Awareness: will demonstrate an understanding of how to assess an organization’s human risks and build a security awareness program that can mature with the organization’s security program.
  • Managing Security Policy: will demonstrate an understanding of the role played by security policies, standards, guidelines, processes, and baselines in meeting an organization’s security needs and risk appetite.
  • Managing System Security: will demonstrate an understanding of the phases of a system attack, common types of attacks and malicious code, and the strategies used to mitigate those attacks.
  • Managing the Program Structure: will be able to design a security program with an understanding of organizational culture and reporting structures, program governance, and hiring and retaining a security team.
  • Network Monitoring for Managers: will demonstrate an understanding of centralized logging and monitoring strategies and tools.
  • Network Security and Privacy: will demonstrate an understanding of network layer protocols and their relationship to network security and privacy concerns, as well as the ability to identify PII and security controls for protecting network data.
  • Networking Concepts for Managers: will demonstrate an understanding of protocols, vulnerabilities, attacks, and security controls at each layer of the OSI model.
  • Risk Management and Security Frameworks: will demonstrate the ability to evaluate and manage risk in alignment with business objectives and to adopt security frameworks and risk management techniques to help mature the security program.
  • Vulnerability Management: will demonstrate an understanding of how to build a vulnerability management program for identifying, prioritizing, and remediating both technical and physical system vulnerabilities.

Benefits of GSLC:

  • Cryptography concepts & applications for managers, networking concepts & monitoring for managers
  • Managing a security operations center, application security, negotiations and vendors, and program structure
  • Managing security architecture, security awareness, security policy, and system security
  • Risk management and security frameworks, vulnerability management, incident response and business continuity

Exam Format

  • 1 proctored exam
  • 115 questions
  • Time limit of 3 hours
  • Minimum Passing Score of 65%

Note: GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GSLC exam has been determined to be 65% for all candidates receiving access to their certification attempts on or after April 15, 2019. To verify the format and passing point of your specific certification attempt, read the Certification Information found in your account at https://exams.giac.org/pages/attempts.

General Information

  • Training is available in a variety of modalities including live conference training, online, and self study.
  • Practical work experience can help ensure that you have mastered the skills necessary for certification.
  • College level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at https://www.giac.org/about/procedures/grievance.