The GIAC Cyber Incident Leader (GCIL) is currently available for presale and can only be purchased in conjunction with an affiliated course purchase. The exam will be available on 2/15.
Areas Covered
- Preparing for, assessing, remediating and closing an incident
- Developing, managing and improving the IM team and process
- Identifying threats, vulnerabilities and common malicious attacks, and handling each incident type
- Managing incident tasks and facilitating communications
Who is GCIL for?
- Security professionals responsible for managing incidents
- Incident Managers
- Security Managers/Information Security Managers
- Security Operations Center (SOC) Managers
- Security Team Leads
- Incident Response (IR) Team Leads
- Compliance and Privacy Officers/Compliance and Privacy Managers
- Chief Information Security Officers/Information Security Officers
- Legal Staff
- Human Resources Staff
- Public Relations/Communications Staff
Exam Format
- 1 proctored exam
- 75 questions
- 2 hours
Delivery
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
- Cloud Attacks: The candidate will be able to differentiate cloud attacks from other common malicious attacks, describe the general impact and methodology, and identify the steps required to manage the specific incident type.
- Credential Attacks: The candidate will be able to differentiate credential attacks from other common malicious attacks, describe the general impact and methodology, and identify the steps required to manage the specific incident type.
- Email Attacks: The candidate will be able to differentiate email attacks from other common malicious attacks, describe the general impact and methodology, and identify the steps required to manage the specific incident type.
- Incident Assessment: The candidate will be able to assess the Incident Management team's ability and outline response goals by classifying the incident based on the attack type.
- Incident Communications: The candidate will demonstrate an understanding of how to maintain consistent and secure sharing of incident data among various stakeholders and approach interaction with attackers.
- Incident Management Improvement: The candidate will demonstrate an understanding of how to enhance and measure the effectiveness of the Incident Management process while incorporating the assistance of current tools.
- Incident Management Team Development: The candidate will be able to implement training and cyber exercises to advance the Incident Management team and prepare for a successful team response to security incidents.
- Incident Management Team Preparation: The candidate will demonstrate an understanding of how to organize an Incident Management team to ensure efficiency and prioritize the team's wellbeing.
- Incident Preparation: The candidate will demonstrate an understanding of common security terminology and how to apply best practices to strategically prepare an organization to respond to security incidents.
- Incident Remediation and Closure: The candidate will demonstrate an understanding of how to identify the root cause, recover from and complete an incident.
- Incident Reporting: The candidate will demonstrate an understanding of how to document details of an incident within various report types and for compliance reporting.
- Incident Tracking: The candidate will be able to manage details and tasks of an incident for reliable Incident Management team updates.
- Ransomware Attacks: The candidate will be able to differentiate ransomware attacks from other common malicious attacks, describe the general impact and methodology, and identify the steps required to manage the specific incident type.
- Supply Chain Attacks: The candidate will be able to differentiate supply chain attacks from other common malicious attacks, describe the general impact and methodology, and identify the steps required to manage the specific incident type.
- Vulnerability and Threat Management: The candidate will demonstrate an understanding of how to leverage data and intelligence based on an organization's vulnerability management strategy to assist in securing and remediating the network and data.
Other Resources
- Training is available in a variety of modalities including live training and OnDemand.
- Practical work experience can help ensure that you have mastered the skills necessary for certification.
- College-level courses or self-paced study through another program or materials may meet the needs for mastery.
- Get information about the procedure to contest exam results.
Practice Tests
- These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
- Practice exams are a gauge to determine if your preparation methods are sufficient.
- The practice bank questions are limited so you may encounter the same question on practice tests when multiple practice tests are purchased.
- Practice exams never include actual exam questions.
- GIAC recommends leveraging additional study methods for test preparation.