News Column

GIAC Announces the GIAC Critical Controls Certification

July 15, 2014

By a News Reporter-Staff News Editor at Information Technology Newsweekly -- Global Information Assurance Certification (GIAC) is pleased to announce the GIAC Critical Controls Certification (GCCC), the only certification based on the Critical Security Controls, a prioritized, risk-based approach to security. The GCCC ensures that candidates have the knowledge and skills to implement and execute the Critical Security Controls recommended by the Council on Cybersecurity, and perform audits based on the standard.

Successful candidates will gain the necessary knowledge to understand the philosophies and driving forces behind the creation of the Critical Security Controls, their scope, and how these controls can be used to prioritize information security controls based on community risk assessment efforts. Candidates will understand how the Critical Security Controls relate to other information assurance standards (such as ISO 27000, NIST 800-53, the NIST Core Framework, and others) and how the controls can be used to meet the goals of those standards. GCCC holders will be able to make a practical difference in the security posture of any organization.

The Critical Security Controls are an effective and recognized security framework because they were vetted by, and reflect the strong consensus of, a broad community of security professionals spanning both government and industry. They were derived from analyses of the most common attack patterns regularly launched against actual networks. The Controls embody a "must do first" philosophy, prioritize specific high-payoff activities, and can serve as the basis for immediate high-value action.

CISOs, CIOs, IGs, systems administrators, and information security personnel can use the Controls as a specific guideline to manage and measure the effectiveness of their defenses. The Controls are designed to complement existing standards, frameworks, and compliance schemes by prioritizing the most critical threat and highest payoff defenses, while providing a common baseline for action against risks that we all face.

"We regularly encounter security practitioners utilizing the Critical Security Controls, but without a full understanding of the philosophies and ultimate goals of the project. The GCCC validates that a person truly understands the philosophies behind implementing and assessing an organization based on the controls," says James Tarala, Principal of Enclave Security and SANS Senior Instructor.

The SANS Institute has developed specific training material and courseware to teach students the techniques and tools to properly implement and audit the Critical Security Controls. The Implementing and Auditing the Critical Security Controls - In-Depth course is part of the SANS Institute's Cyber Defense curriculum which is comprised of information security courses designed specifically for computer, network and security professionals responsible for protecting and securing an organization's critical systems, assets, and data. The course and certification are also part of the SANS Technology Institute's master's degree program.

The course was created for security practitioners, auditors and managers of all levels by SANS Certified Instructors, who are real-world security practitioners and subject-matter experts that design and provide the hands-on, immersive training you need to keep your organization secure. Security practitioners will learn how to stop a threat, why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats.

The Critical Controls course shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Controls are effectively implemented.

GIAC now provides the means to certify cyber security professionals in this critical element of cyber defense. The GCCC exam will be released September 1, 2014 and pre-registration is now available at:

Keywords for this news article include: Information Technology, Information and Data Security, Global Information Assurance Certification GIAC, Global Information Assurance Certification (GIAC).

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

For more stories covering the world of technology, please see HispanicBusiness' Tech Channel

Source: Information Technology Newsweekly

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters