GIAC Response and Industrial Defense (GRID)

What is GRID?

The GRID certification is for professionals who want to demonstrate that they can perform Active Defense strategies specific to and appropriate for an Industrial Control System (ICS) network and systems. Candidates are required to demonstrate an understanding of the Active Defense approach, ICS-specific attacks, and how these attacks inform mitigation strategies. Candidates must also show an understanding of the strategies and fundamental techniques specific to core subjects with an ICS focus, such as network security monitoring (NSM) and digital forensics and incident response (DFIR).

Who Should Attend?

This course is designed for:

  • ICS Incident Response Team Leads and Members
  • ICS and Operations Technology Security Personnel
  • IT Security Professionals
  • Security Operations Center (SOC) Team Leads and Analysts
  • ICS Red Team and Penetration Testers
  • Active Defenders

Learning Objectives:

The topic areas for each exam part follow:

  • Active Defense Concepts and Application: The candidate will demonstrate an understanding of the fundamental theories and process of active defense applied to ICS-related security. Additionally, the candidate will demonstrate an understanding of how well-known ICS attacks can inform security professionals today.
  • Detection and Analysis in an ICS environment: The candidate will demonstrate an understanding of the tools and techniques used to analyze network security evidence from an industrial control system environment to perform packet, traffic, and file analysis.
  • Discovery and Monitoring in an ICS environment: The candidate will understand the essential purposes and practices of asset and network monitoring and discovery within an ICS environment. Additionally, the candidate will be familiar with the methods and tools that can be used for discovery and monitoring in an ICS environment.
  • ICS-focused Digital Forensics: The candidate will demonstrate an understanding of the core concepts of digital forensics within an industrial control system environment and will be familiar with the process of determining how and when to initiate an examination of events. Additionally, the candidate will demonstrate an understanding of the tools and techniques to accomplish digital forensics.
  • ICS-focused Incident Response: The candidate will demonstrate an understanding of the core concepts of incident response within an ICS environment and will be familiar with the process of determining how and when to initiate an examination of events. Additionally, the candidate will demonstrate an understanding of the tools and techniques to accomplish incident response.
  • Malware Analysis Techniques: The candidate will demonstrate an understanding of the tools and techniques used by malware analysis engineers when examining unknown and potentially dangerous evidence. The candidate will be familiar with the process and tools used to extract information from various file system and network artifacts to recover and analyze malware samples.
  • Threat Analysis in an ICS environment: The candidate will demonstrate an understanding of threat and malware analysis techniques using concepts such as indicators of compromise.
  • Threat Intelligence Fundamentals: The candidate will demonstrate an understanding of threat intelligence concepts. Additionally, the candidate will be able to describe the mechanisms used to share threat intelligence and the standards used for the creation and use of threat intelligence.

Benefits of GRID:

  • Active Defense Concepts and Application, Detection and Analysis in an ICS environment
  • Discovery and Monitoring in an ICS environment, ICS-focused Digital Forensics, and ICS-focused Incident Response
  • Malware Analysis Techniques, Threat Analysis in an ICS environment, and Threat Intelligence Fundamentals

Prerequisites

A fundamental understanding of Microsoft and Linux.

Exam format

  • 1 proctored exam
  • 75 questions
  • Time limit of 2 hours
  • Minimum Passing Score of 74%

General Information:

  • Training is available in a variety of modalities, including live conference training, online, and self-study.
  • Practical work experience can help ensure that you have mastered the skills necessary for certification.
  • College level courses or study through another program may meet the needs for mastery.
  • The procedure to contest exam results can be found at https://www.giac.org/about/procedures/grievance.