Remember meForgot password?
    Log in with Twitter
Press Release
BETHESDA, Md., July 1, 2014--(PR Newswire)--

GIAC Announces the GIAC Critical Controls Certification

A unique cybersecurity certification based on the Twenty Critical Security Controls

PR Newswire

BETHESDA, Md., July 1, 2014 /PRNewswire-USNewswire/ -- Global Information Assurance Certification (GIAC) is pleased to announce the GIAC Critical Controls Certification (GCCC), the only certification based on the Critical Security Controls, a prioritized, risk-based approach to security.  The GCCC ensures that candidates have the knowledge and skills to implement and execute the Critical Security Controls recommended by the Council on Cybersecurity, and perform audits based on the standard.  

Successful candidates will gain the necessary knowledge to understand the philosophies and driving forces behind the creation of the Critical Security Controls, their scope, and how these controls can be used to prioritize information security controls based on community risk assessment efforts.  Candidates will understand how the Critical Security Controls relate to other information assurance standards (such as ISO 27000, NIST 800-53, the NIST Core Framework, and others) and how the controls can be used to meet the goals of those standards. GCCC holders will be able to make a practical difference in the security posture of any organization.

The Critical Security Controls are an effective and recognized security framework because they were vetted by, and reflect the strong consensus of, a broad community of security professionals spanning both government and industry.  They were derived from analyses of the most common attack patterns regularly launched against actual networks. The Controls embody a "must do first" philosophy, prioritize specific high-payoff activities, and can serve as the basis for immediate high-value action.

CISOs, CIOs, IGs, systems administrators, and information security personnel can use the Controls as a specific guideline to manage and measure the effectiveness of their defenses. The Controls are designed to complement existing standards, frameworks, and compliance schemes by prioritizing the most critical threat and highest payoff defenses, while providing a common baseline for action against risks that we all face.

"We regularly encounter security practitioners utilizing the Critical Security Controls, but without a full understanding of the philosophies and ultimate goals of the project. The GCCC validates that a person truly understands the philosophies behind implementing and assessing an organization based on the controls," says James Tarala, Principal of Enclave Security and SANS Senior Instructor.

The SANS Institute has developed specific training material and courseware to teach students the techniques and tools to properly implement and audit the Critical Security Controls. The Implementing and Auditing the Critical Security Controls - In-Depth course is part of the SANS Institute's Cyber Defense curriculum which is comprised of information security courses designed specifically for computer, network and security professionals responsible for protecting and securing an organization's critical systems, assets, and data.  The course and certification are also part of the SANS Technology Institute's master's degree program.

The course was created for security practitioners, auditors and managers of all levels by SANS Certified Instructors, who are real-world security practitioners and subject-matter experts that design and provide the hands-on, immersive training you need to keep your organization secure. Security practitioners will learn how to stop a threat, why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats.

The Critical Controls course shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Controls are effectively implemented.

GIAC now provides the means to certify cyber security professionals in this critical element of cyber defense.  The GCCC exam will be released September 1, 2014 and pre-registration is now available at:

About GIAC
Global Information Assurance Certification (GIAC) is a certification body featuring over 27 hands-on, technical certifications in information security. GIAC has certified over 50,000 IT security professionals since it was founded in 1999. Eleven GIAC certifications are accredited under the IEC/ISO/ANSI 17024 quality standard for certifying bodies. GIAC is an affiliate of the SANS Institute. (

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (  

SOURCE Global Information Assurance Certification (GIAC)

Latest News
Top News