Certification

Certification

GIAC Critical Controls Certification (GCCC)

Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

GCCC Exam Certification Objectives
Background, History, Purpose & Implementation of the 20 CC The candidate will be familiar with the background, history and purpose of the 20 Critical Controls
Inventory of Authorized and Unauthorized Devices The candidate will be familiar with the processes and tools used to track/control/prevent/correct network access by devices based on an asset inventory of which devices are allowed to connect to the network
Inventory of Authorized and Unauthorized Software The candidate will be familiar with the processes and tools organizations use to track/control/prevent/correct installation and execution of software on computers based on an asset inventory of approved software.
Secure Configurations for Hardware and Software on Devices The candidate will be familiar with the processes and tools organizations use to track/control/prevent/correct security weaknesses in the configurations of the hardware and software of devices based on a formal configuration management and change control process.
Continuous Vulnerability Assessment and Remediation The candidate will be familiar with the processes and tools used to detect/prevent/correct security vulnerabilities in the configurations of devices that are listed and approved in the asset inventory database.
Malware Defenses The candidate will be familiar with the processes and tools used to detect/prevent/correct installation and execution of malicious software on all devices.
Application Software Security The candidate will be familiar with the processes and tools organizations use to detect/prevent/correct security weaknesses in the development and acquisition of software applications.
Data Recovery Capability The candidate will be familiar with processes and tools used to properly backup critical information with a proven methodology for timely recovery of the critical information.
Security Skills Assessment and Training to Fill Gaps The candidate will be familiar with processes and tools to make sure an organization understands the technical skill gaps with their workforce and plan to fill the gaps.
Secure Configurations for Network Devices The candidate will be familiar with processes and tools used to track/control/prevent/correct security weaknesses in the configurations in network devices based on formal configuration management and change controls processes.
Limitation and Control of Network Ports, Protocols, and Services The candidate will be familiar with processes and tools used to track/control/prevent/correct use of ports, protocols, and services on networked devices.
Controlled Use of Administrative Privileges The candidate will be familiar with processes and tools used to track/control/prevent/correct use, assignment and configuration of administrative privileges on computers, networks, and applications.
Boundary Defense The candidate will be familiar with the processes and tools used to detect/prevent/correct the flow of information transferring networks of different trust levels.
Maintenance, Monitoring, and Analysis of Audit Logs The candidate will be familiar with the processes and tools used to detect/prevent/correct use of systems and information based on audit logs of events that are consider significant or could impact the security of an organization.
Controlled Access Based on the Need to Know The candidate will be familiar with the processes and tools used to track/control/prevent/correct secure access to information according to the formal determination of persons, computers, and applications have a need and right to access information based on an approved classification.
Account Monitoring and Control The candidate will be familiar with processes and tools used to track/control/prevent/correct use of system and application accounts.
Incident Response and Management The candidate will be familiar with process and tools to make sure an organization has a properly tested plan with trained resources for dealing with adverse events.
Secure Network Engineering The candidate will be familiar with process and tools used to build, update and validate a network infrastructure that can withstand attacks.
Penetration Tests and Red Team Exercises The candidate will be familiar with process and tools used to simulate attacks against a network to validate the overall security of an organization.
Data Protection The candidate will be familiar with the processes and tools used to track/control/prevent/correct data transmission and storage, based on the data's content and classification.
Wireless Access Control The candidate will be familiar with the processes and tools used to track/control/prevent/correct the secure use of wireless.