Sunday, October 14, 2018

GIAC Certified Enterprise Defender (GCED)

The GCED is aimed at security professionals who want to demonstrate that they are qualified for hands-on computer systems roles with respect to security tasks. Applicants must demonstrate an understanding of information security that goes beyond simple terminology and concepts.

  
Certification objectives of the GCED exam

Defend network protocols.

The candidate will demonstrate an understanding of the OSI model and commonly used protocols that are found in multiple OSI layers. The candidate must also demonstrate a basic knowledge of the weaknesses of these protocols and the services that use them, as well as the tactics for a safer implementation.

Infrastructure and defensive tactics.

The candidate will demonstrate an understanding of security infrastructure, such as firewalls, host- and network-based intrusion prevention and detection systems, active defense measures, and features such as logging and their effective use.

Concepts and application of digital forensics

The candidate will demonstrate an understanding of the methods and practices of digital forensics.

Concepts and application of response to incidents

The candidate will demonstrate an understanding of the incident response process and its relationship to threat intelligence practices.

Interactive malware analysis

The candidate will demonstrate an understanding of the interactive analysis of malware behavior, knowledge of the tools and techniques used to perform the analysis, and the ability to interpret its results.

Intrusion detection and packet analysis.

The candidate will demonstrate an understanding of intrusion prevention systems, their placement in the organization, their configuration and tuning, and the response to alerts.

Concepts of malware analysis and basic analysis techniques

The candidate will demonstrate an understanding of the different types of malware, and be able to identify the symptoms of infection and methods to analyze it safely. The candidate will demonstrate an understanding of the advantages and disadvantages of static and automated malware analysis techniques, as well as the ability to perform these analyses and interpret their results.

Manual analysis of malicious programs.

The candidate will demonstrate an understanding of the manual reversing of malicious code, the disassembly and decompilation of malicious software, and the code obfuscation techniques used by malicious software.

Concepts and application of network forensics

The candidate will demonstrate an understanding of network forensics tools and practices, which are used to analyze stored and real-time traffic in order to identify suspicious traffic or attack attempts.

Concepts and applications of network security monitoring

The candidate will demonstrate an understanding of network packet analysis and the ability to use packet analysis tools and interpret the results of the analysis.

Concepts of vulnerability assessment and penetration testing

The candidate will demonstrate an understanding of the processes and techniques used in penetration testing and vulnerability assessment engagements. The candidate will demonstrate knowledge of the types of tools required for such engagements.

Application of vulnerability assessment and penetration testing

The candidate will demonstrate understanding of, and skill in using, penetration testing and vulnerability assessment tools, and familiarity with the types of assessment objectives and types of testing.
