ConvoCourses

Cyber Security Compliance and IT Jobs


SANS GSLC

June 13, 2014 by Bruce Brown

GSLC certification – GIAC Security Leadership (GSLC)

The GSLC is for security professionals with managerial or supervisory responsibility for information security employees.

It's often used as a replacement for the CISSP, since it's listed on the old DoD 8570 chart of acceptable Tier 3 certifications.

The following comes directly from SANS:

802.11

The manager will demonstrate an understanding of the misconceptions and risks of 802.11 wireless networks and how to secure them.

Access Control and Password Management

The manager will demonstrate an understanding of the fundamental theory of access control and the role of passwords in controlling access to systems.

Building a Security Awareness Program

The manager will demonstrate an understanding of the critical elements of creating and managing a Security Awareness Program.

Business Situational Awareness

The manager will demonstrate familiarity with the concept of situational awareness and the fundamental sources of information that lead to business situational awareness.

Change Management and Security

The manager will be able to identify the signs of poor change management, understand the risks to the organization, and develop a program to improve operations.

Computer and Network Addressing

The manager will demonstrate an understanding of how computers have a variety of names and addresses on a network and this must be managed.

Cryptography Algorithms and Concepts

The manager will demonstrate an understanding of the several crypto algorithms and the concepts behind secure ciphers.

Cryptography Applications, VPNs and IPSec

The manager will demonstrate an understanding of how cryptography can be used to secure a network and how Pretty Good Privacy (PGP) works, and be introduced to VPNs, IPSec and Public Key Infrastructure (PKI).

Cryptography Fundamentals

The manager will demonstrate a basic understanding of the fundamental terminology and concepts of cryptography.

Defense-in-Depth

The manager will demonstrate an understanding of the terminology and concepts of Risk and Defense-in-Depth, including threats and vulnerabilities.

Defensive OPSEC

The manager will demonstrate an understanding of what OPSEC is and the techniques used in defensive Operational Security.

Disaster Recovery / Contingency Planning

The manager will be able to lead the BCP/DRP team and realistically plan for Business Continuity and Disaster Recovery.

DNS

The manager will demonstrate an understanding of how the Domain Name System (DNS) works, common attacks against DNS, and what can be done to defend against those attacks.

Endpoint Security

The manager will demonstrate an understanding of the issues related to defending Windows desktops and laptops.

Facilities and Physical Security

The manager will demonstrate the ability to articulate the needs of the information technology and security program to the parts of the organization responsible for facilities and physical security.

General Types of Cryptosystems

The manager will demonstrate an understanding of the three general types of cryptosystems.

Honeypots, Honeynets, Honeytokens, Tarpits

The manager will demonstrate an understanding of basic honeypot techniques and common tools used to set up honeypots.

Incident Handling and the Legal System

The manager will demonstrate an understanding of the basic legal issues in incident and evidence handling.

Incident Handling Foundations

The manager will demonstrate an understanding of the concepts of incident handling and the six-step incident handling process.

Information Warfare

The manager will demonstrate familiarity with the theory and techniques of information warfare.

IP Terminology and Concepts

The manager will demonstrate an understanding of the terminology and concepts of IP protocols and how they support the Internet.

Logging

The manager will demonstrate an understanding of how logging works, options for collection and processing and the uses for correlation technology.

Malicious Software

The manager will demonstrate an ability to articulate what malicious code is, the common types of malicious code, how it propagates, and why it is such an expensive problem.

Manager’s Guide to Assessing Network Engineer

The manager will be able to assess the ability of a network engineer to understand network traffic.

Managerial Wisdom

The manager will demonstrate knowledge of the most effective business techniques from the most acclaimed books.

Managing Ethics

The manager will demonstrate familiarity with ethical issues and guidelines pertaining to IT security.

Managing Intellectual Property

The manager will be able to identify and protect intellectual property and intangible assets.

Managing IT Business and Program Growth in a Globalized Marketplace

The manager will demonstrate an understanding of the key factors affecting globalization and the fundamental principles of managing an IT business and achieving sustainable growth.

Managing Legal Liability

The manager will demonstrate an understanding of how to use due diligence to manage an organization’s legal liability with emphasis on fraud and IT issues.

Managing Negotiations

The manager will demonstrate familiarity with guidelines for sound negotiation practices.

Managing PDA Infrastructure

The manager will understand the critical issues related to data stored on Personal Digital Assistant devices.

Managing Privacy

The manager will demonstrate an understanding of the privacy concerns that customers typically have and solutions that can be used to maintain privacy of data.

Managing Security Policy

The manager will be able to assess current policy, identify overall security posture of organization, ensure that existing policy is applicable to organization’s needs and modify policy as required.

Managing Software Security

The manager will demonstrate the ability to build security into the software development process.

Managing Technical People

The manager will demonstrate an understanding of techniques that can be used to communicate with and manage technical staff.

Managing the Mission

The manager will demonstrate an understanding of how mission statements and policy keep organizations on track and how security relates to the mission.

Managing the Procurement Process

The manager will demonstrate knowledge of the management responsibility for vendor selection through the primary phases of the procurement process and learn how to provide oversight into requirements analysis, price paid, and analysis of ROI.

Managing the Total Cost of Ownership

The manager will demonstrate an understanding of how to apply TCO to analyze proposed solutions over their entire life cycle as well as be able to identify main areas of cost for a given project.

Methods of Attack

The manager will demonstrate an introductory understanding of the most common attack methods and the basic strategies used to mitigate those threats.

Offensive OPSEC

The manager will demonstrate an understanding of OPSEC principles and offensive OPSEC techniques.

Project Management For Security Leaders

The manager will demonstrate familiarity with the terminology, concepts and five phases of project management and the role of a Project Management Office in IT/IT Security.

Quality

The manager will demonstrate an understanding of the basics of continuous product improvement and Deming’s 14 points.

Risk Management and Auditing

The manager will demonstrate the ability to evaluate and manage risk.

Safety

The manager will demonstrate the ability to articulate the needs of the information technology and security program to the parts of the organization responsible for safety.

Security and Organizational Structure

The manager will demonstrate an understanding of how security integrates into organizational structure and be familiar with guidelines for recruiting and hiring IT staff.

Security Frameworks

The manager will demonstrate an understanding of the basic structure and approach to implementation of COBIT and ISO 27002 as well as practical tools to help implement the standards.

Selling Security

The manager will demonstrate understanding of how to promote security improvements to other managers within their organization.

Steganography

The manager will demonstrate an understanding of the concepts and techniques behind steganography, steganographic tools and defensive techniques.

The Intelligent Network

The manager will demonstrate an understanding of the differences between a typical traditional network design and the new components that are part of an intelligent network.

The Network Infrastructure

The manager will demonstrate understanding of and ability to communicate the fundamental technologies and concepts that describe LAN and WAN network infrastructure.

Vulnerability Management – Inside View

The manager will demonstrate an understanding of common approaches used to gather network intelligence from organizations using commonly available tools and methods directly from the system.

Vulnerability Management – Outside View

The manager will demonstrate an understanding of common approaches used to gather network intelligence from organizations using commonly available tools and methods across a network.

Vulnerability Management – User View

The manager will be able to factor in the impact the user can have on an organization’s risk posture.

Web Communications and Security

The manager will demonstrate an introductory understanding of web application communications, security issues, and defenses.

Wireless Advantages and Bluetooth

The manager will demonstrate an understanding of the advantages that make wireless technology ubiquitous and be introduced to Bluetooth wireless technology.

http://www.giac.org/certification/security-leadership-gslc

Filed Under: Risk Management For DoD IT Tagged With: gslc, gslc certification, SANS GSLC
