Q. What is the GIAC Security Essential Certification (GSEC) exam?
A. GIAC Security Essential Certification (GSEC) is a vendor-neutral certification that validates an individual’s understanding of information security. Professionals holding a GSEC certificate can prove they have the skills required for IT security-related fields. The GSEC certification is designed to show that the successful candidate has an understanding of technical information security and knowledge of the ten domains of knowledge as determined by GIAC.

Q. What are the prerequisites for the GSEC exam?
A. There is no prerequisite for the GSEC exam.

Q. What certificate does it provide?
A. The GSEC exam is one test required to achieve the GSEC certification as a certified information security professional.

Q. How many questions are asked in the test?
A. 180

Q. What is the duration of the test?
A. 5 hours

Q. Which type of test is it? (Adaptive/Linear)
A. The GSEC test is in a linear format.

Q. What is the passing score?
A. The minimum passing score is 70% (175 of 250 questions).

Q. What is the test retake policy?
A. If you fail a GIAC Certification exam, you may purchase a retake for $199 by clicking on the “buy retake” link under the “certification attempts” section in the GIAC exam engine area of your portal account. Once purchased, retakes are non-refundable.

A retake will extend your final certification attempt deadline by one month and your adjusted deadline will be displayed in your Exam Engine.

If you do not purchase the retake before your expiration date arrives, you will need to purchase an extension, and then purchase the retake. Please see the information on extensions below. Your access to any associated practice tests and/or audio files will be automatically extended to match your certification deadline.

Q. Is the GSEC exam right for me?
A. The GSEC exam is ideal for security professionals who want to fill the gaps in their understanding of technical information security. It is helpful for System, Security, and Network Administrators who want to understand the practical applications of the Common Body of Knowledge. Managers can benefit from understanding information security beyond simple terminology and concepts. GSEC certification is also good for individuals who are new to the information security field and have some background in information systems and networking.

Q. What languages are available for the GSEC exam?
A. English

Q. What skills are measured in the GSEC exam?
A. The GSEC certification is designed to show that the successful candidate has an understanding of technical information security and knowledge of the domains of knowledge as determined by GIAC.

Q. Where can I take the test?
A. The primary method for taking a proctored exam is through our testing partner KRYTERION.

Q. How can I locate a testing center?
A. Use the following link to locate a KRYTERION testing center near you: http://www.giac.org/proctor/kryterion.php

Q. How can I schedule, reschedule, cancel, or confirm the exam?
A. GIAC offers a complete Web-based solution, which enables you to schedule your proctored exam through KRYTERION via the GIAC/SANS portal interface.

If you want to reschedule your exam appointment, you may do so up to 72 hours before the exam appointment.

Q. What is the exam fee?
A. $999

Q. What is the CISM exam?
A. The Certified Information Security Manager (CISM) certification is a distinctive, management-focused certification that has been earned by numerous professionals. The CISM certification is for candidates who manage, design, oversee, and assess an enterprise’s information security program. CISM defines the core competencies and international performance standards that those who have information security management responsibilities must master.

Q. What are the prerequisites of the CISM exam?
A. Candidates for the CISM certification must pass the examination, agree to adhere to ISACA’s Code of Professional Ethics, and submit evidence of five years of work experience in the field of information security. Work experience must be gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the exam. Three of the five years of work experience must be gained performing the role of an information security manager.

Q. What are the benefits of becoming CISM certified?
A. The benefits of becoming CISM certified are as follows:

  • Recognition of attainment of advanced job skills as required for an information security professional
  • Worldwide recognition as an information security manager
  • Opportunity to build upon existing certifications/credentials already earned
  • Provides tangible evidence of career growth
  • Provides a business and technology orientation to risk management
  • Potential for a salary increase and/or promotion

Q. What certificate does it provide?
A. It provides CISM certification.

Q. How many questions are asked in the test?
A. Users will be required to attempt approximately 200 questions.

Q. What is the duration of the test?
A. Users are required to attempt all questions in 4 hours.

Q. Which type of test is it? (Adaptive/Linear)
A. Linear

Q. What is the passing score?
A. 450 out of 800

Q. What is the test retake policy?
A. A candidate receiving a score of less than 450 has not passed and can retake the exam during any future exam administration. To assist with future study, the results letter each candidate receives will include a score analysis by content area. There are no limits to the number of times a candidate can take the exam.

Q. What can I expect in the CISM exam?
A. An examinee should practice the following areas to pass the CISM certification:

  • Information security governance
  • Information risk management
  • Information security program development
  • Information security program management
  • Incident management and response

Q. What skills are measured in the CISM exam?
A. The skills measured in the CISM certification exam are as follows:

  • Developing an information security strategy aligned with business goals and objectives
  • Planning the budgetary strategies and reporting methods
  • Establishing reporting and communication channels throughout an organization
  • Establishing a process for information asset classification and ownership
  • Identifying and evaluating the information security controls and countermeasures to mitigate risk to acceptable levels
  • Identifying the factors used to determine risk reporting frequency and requirements
  • Understanding of baseline modeling and its relationship to risk-based assessments of control requirements and information security controls
  • Implementation of gap analysis to assess generally accepted standards of good practice for information security management against current state
  • Implementation of information security architectures and their deployment
  • Developing the life cycle methodologies, activities, and processes for incorporating security requirements into contracts
  • Implementing and interpreting the information security policies and information security administrative processes and procedures
  • Developing and implementing processes for detecting, identifying, analyzing, and responding to information security incidents
  • Understanding of disaster recovery testing for infrastructure and critical business applications
  • Identifying and managing security incidents and the understanding of crisis communications