New security certification from GIAC available Sept. 1
The internet has been on high alert for the past few days with, buzzing with the revelation of the latest massive data breach. IT security consulting group Hold Security identified the theft by a gang of Russian hackers of more than 4.5 billion user records. The gang has been nicknamed CyberVor ("vor" being Russian for "thief"), and the details of their exploits were fascinating enough to capture the interest of computer users everywhere from early last week until — wait, what was that about Robin Williams?!
Everyone tends to be terrified when news of the latest devastating cyberdisaster first hits, but the speed with which successful attacks get swept under the rug of public consciousness can be a little breathtaking.
That general indifference is probably one of the primary motivations behind the new security certification announced last month by GIAC that will be available in September. The new GIAC Critical Controls Certification (GCCC) qualifies individuals to vet businesses and organizations for compliance with the Critical Security Controls, a body of policies recommended by the global Council on CyberSecurity, based in Washington, D.C. The mission of the Council is essentially to alert individuals and organization to ever-escalating threats from hackers, and "accelerate the widespread availability and adoption of effective cybersecurity measures, practice and policy." With a GCCC in hand, a security professional will have full awareness of the Controls and can work to assure their implementation.
James Tarala, a senior instructor for SANS, the security technology group that administers GIAC, said in press release announcing the GCCC that many security professionals are already working to implement the Critical Security Controls, but without a complete understanding of their purpose. "The GCCC validates that a person truly understands the philosophies behind implementing and assessing an organization based on the controls," Tarala said.
To become GCCC certified, candidates must complete a 75-question exam with a three-hour time limit. There are 21 exam topics, listed alphabetically at GIAC's GCCC web page. The certification doesn't require any specific training or prerequisites, but GIAC is offering a series of training events designed to prepare IT security pros to take and pass the exam. Recertification will be required on a four-year schedule.