GIAC Information Security Fundamentals Certification

What the exam entails and how to prepare


If you are interested in becoming an information security administrator, Global Information Assurance Certification (GIAC) Information Security Fundamentals is a certification that provides an overview of information security.

Although not a necessary step to obtain a job, it is the introductory-level certification offered by GIAC, and could be a good way to educate yourself in the basics of information security.

GIAC says it may be useful for those looking to communicate with their infosec staff on a more technical level, meaning it is ideal for managers and the like.

The GISF Purpose

According to GIAC, the goal of the GIAC Information Security Fundamentals (GISF) certification program is to certify that individuals can understand the threats and risks to information resources, identify best practices that can be used to protect these resources, and learn to diversify an organization's protection strategy.

This certification must be renewed every four years, and represents an understanding of fundamental information security topics, such as authentication, cryptography, systems security, and systems policy.

The GISF Intended Audience

The GISF certification is beneficial for information security officers who are looking to bridge the knowledge gap with their managers and system administrators, as it provides an overview of risk management and defense-in-depth techniques.

It can also work the other way: for managers without in-depth infosec knowledge, the knowledge obtained from studying for this certification could give them a better understanding of what their infosec officer does.

People who write or implement policies would also benefit from obtaining this certification, as it represents a high-level proficiency with information security concepts.

Preparing For The Certification

According to GIAC's website, candidates can gain the knowledge required for this certification through practical experience, or by reading books about computer information security.        

They can also opt for training from the SANS Institute or other relevant courses, but many people can complete this certification with any previous infosec training, if possible. Creating an account with SANS gets you a free practice test with 50 questions.

The Exam Itself 

The exam consists of 75 questions and you have two hours to complete it. You need to get 70 percent or 52 questions correct in order to pass.

The test is in-person and proctored. The official website gives you locations as well as time slots to choose from.

You can also bring materials on the day of the exam; the test is open-book, but no electronic devices are allowed.

Price of the GISF Exam

Standard registration is $899, but the price is reduced to $499 if you take the SANS Security Essentials 401 course first. Keep in mind, however, that the SANS course can run upwards of $3,000.


There are a lot of certification options out there, particularly for security. Look around in your field and/or organization to determine which one is the best one for your goals.

Also, whether obtaining certifications matters depends entirely on your previous work experience and what your new job requires. This means you should not go after certifications with the intent of getting a job, as many employers will not consider them as important as job experience on a resume.

Instead of taking a certification course right away, check out some ways to improve your resume without having to spend a dime.