gslc certification

By /

GSLC certification – GIAC Security Leadership (GSLC)

The GSLC is for security professionals with managerial or supervisory responsibility for information security employees.

Its often used as a replacement for the CISSP since its listed on the old DoD 8570 Chart of acceptable Tier 3 certifications.

The following comes directly from SANS:

802.11

The manager will demonstrate an understanding of the misconceptions and risks of 802.11 wireless networks and how to secure them.

Access Control and Password Management

The manager will demonstrate an understanding of the fundamental theory of access control and the role of passwords in controlling access to systems.

Building a Security Awareness Program

The manager will demonstrate an understanding of the critical elements of creating and managing a Security Awareness Program.

Business Situational Awareness

The manager will demonstrate familiarity with the concept of situational awareness and the fundamental sources of information that lead to business situational awareness.

Change Management and Security

The manager will be able to identify the signs of poor change management, understand the risks to the organization, and develop a program to improve operations.

Computer and Network Addressing

The manager will demonstrate an understanding of how computers have a variety of names and addresses on a network and this must be managed.

Cryptography Algorithms and Concepts

The manager will demonstrate an understanding of the several crypto algorithms and the concepts behind secure ciphers.

Cryptography Applications, VPNs and IPSec

The manager will demonstrate an understanding of how cryptography can be used to secure a network and how Pretty Good Privacy (PGP) works, and be introduced to VPNs, IPSec and Public Key Infrastructure (PKI).

Cryptography Fundamentals

The manager will demonstrate a basic understanding of the fundamental terminology and concepts of cryptography.

Defense-in-Depth

The manager will demonstrate an understanding of the terminology and concepts of Risk and Defense-in-Depth, including threats and vulnerabilities.

Defensive OPSEC

The manager will demonstrate an understanding of what OPSEC is and the techniques used in defensive Operational Security.

Disaster Recovery / Contingency Planning

The manager will be able to lead the BCP/DRP team and realistically plan for Business Continuity and Disaster Recovery.

DNS

The manager will demonstrate an understanding of how the Domain Name System (DNS) works, common attacks against DNS, and what can be done to defend against those attacks.

Endpoint Security

The manager will demonstrate an understanding of the issues related to defending Windows desktops and laptops.

Facilities and Physical Security

The manager will demonstrate the ability to articulate the needs of the information technology and security program to the parts of the organization responsible for facilities and physical security.

General Types of Cryptosystems

The manager will demonstrate an understanding of the three general types of cryptosystems.

Honeypots, Honeynets, Honeytokens, Tarpits

The manager will demonstrate an understanding of basic honeypot techniques and common tools used to set up honeypots.

Incident Handling and the Legal System

The manager will demonstrate an understanding of the basic legal issues in incident and evidence handling.

Incident Handling Foundations

The manager will demonstrate an understanding of the concepts of incident handling and the six-step incident handling process.

Information Warfare

The manager will demonstrate familiarity with the theory and techniques of information warfare.

IP Terminology and Concepts

The manager will demonstrate an understanding of the terminology and concepts of IP protocols and how they support the Internet.

Logging

The manager will demonstrate an understanding of how logging works, options for collection and processing and the uses for correlation technology.

Malicious Software

The manager will demonstrate an ability to articulate what malicious code is, the common types of malicious code, how it propagates, and why it is such an expensive problem

Manager’s Guide to Assessing Network Engineer

The manager will be able to assess the ability of a network engineer to understand network traffic.

Managerial Wisdom

The manager will demonstrate knowledge of the most effective business techniques from the most acclaimed books.

Managing Ethics

The manager will demonstrate familiarity with ethical issues and guidelines pertaining to IT security.

Managing Intellectual Property

The manager will be able to identify and protect intellectual property and intangible assets.

Managing IT Business and Program Growth in a Globalized Marketplace

The manager will demonstrate an understanding of the key factors affecting globalization and the fundamental principles to managing an IT business and achieving sustainable growth

Managing Legal Liability

The manager will demonstrate an understanding of how to use due diligence to manage an organization’s legal liability with emphasis on fraud and IT issues.

Managing Negotiations

The manager will demonstrate familiarity with guidelines for sound negotiation practices.

Managing PDA Infrastructure

The manager will understand the critical issues related to data stored on Personal Digital Assistant devices.

Managing Privacy

The manager will demonstrate an understanding of the privacy concerns that customers typically have and solutions that can be used to maintain privacy of data.

Managing Security Policy

The manager will be able to assess current policy, identify overall security posture of organization, ensure that existing policy is applicable to organization’s needs and modify policy as required.

Managing Software Security

The manager will demonstrate the ability to build security into the software development process.

Managing Technical People

The manager will demonstrate an understanding of techniques that can be used to communicate with and manage technical staff.

Managing the Mission

The manager will demonstrate an understanding of how mission statements and policy keep organizations on track and how security relates to the mission.

Managing the Procurement Process

The manager will demonstrate knowledge of the management responsibility for vendor selection through the primary phrases of the procurement process and learn how to provide oversight into requirements analysis, price paid, and analysis of ROI.

Managing the Total Cost of Ownership

The manager will demonstrate an understanding of how to apply TCO to analyze proposed solutions over their entire life cycle as well as be able to identify main areas of cost for a given project.

Methods of Attack

The manager will demonstrate an introductory understanding of the most common attack methods and the basic strategies used to mitigate those threats.

Offensive OPSEC

The manager will demonstrate an understanding of OPSEC principles and offensive OPSEC techniques.

Project Management For Security Leaders

The manager will demonstrate familiarity with the terminology, concepts and five phases of project management and the role of a Project Management Office in IT/IT Security.

Quality

The manager will demonstrate an understanding of the basics of continuous product improvement and Deming’s 14 points.

Risk Management and Auditing

The manager will demonstrate the ability to evaluate and manage risk.

Safety

The manager will demonstrate the ability to articulate the needs of the information technology and security program to the parts of the organization responsible for safety.

Security and Organizational Structure

The manager will demonstrate an understanding of how security integrates into organizational structure and be familiar with guidelines for recruiting and hiring IT staff.

Security Frameworks

The manager will demonstrate an understanding of the basic structure and approach to implementation of COBIT and ISO 27002 as well as practical tools to help implement the standards.

Selling Security

The manager will demonstrate understanding of how to promote security improvements to other managers within their organization.

Steganography

The manager will demonstrate an understanding of the concepts and techniques behind steganography, steganographic tools and defensive techniques.

The Intelligent Network

The manager will demonstrate an understanding of the differences between a typical traditional network design and the new components that are part of an intelligent network.

The Network Infrastructure

The manager will demonstrate understanding of and ability to communicate the fundamental technologies and concepts that describe LAN and WAN network infrastructure.

Vulnerability Management – Inside View

The manager will demonstrate an understanding of common approaches used to gather network intelligence from organizations using commonly available tools and methods directly from the system.

Vulnerability Management – Outside View

The manager will demonstrate an understanding of common approaches used to gather network intelligence from organizations using commonly available tools and methods across a network.

Vulnerability Management – User View

The manager will be able to factor in the impact the user can have on an organization’s risk posture.

Web Communications and Security

The manager will demonstrate an introductory understanding of web application communications, security issues, and defenses.

Wireless Advantages and Bluetooth

The manager will demonstrate an understanding of the advantages that make wireless technology ubiquitous and be introduced to Bluetooth wireless technology.

http://www.giac.org/certification/security-leadership-gslc

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top