Establish capability in the essential security skills and knowledge in demand at every organization.
The GIAC Information Security Fundamentals (GISF) certification validates a practitioner's expertise in the foundations of security, computer functions and networking, introductory cryptography, and cybersecurity technologies. GISF certification holders understand key concepts in information security and are prepared to use best practices to protect organizations against threats and risks to information and information resources.
Areas Covered
- Cybersecurity terminology
- Basics of computer networks
- Security policies
- Incident response
- Passwords
- Introductory cryptographic principles
Who is GISF for?
- Anyone new to cyber security who needs an introduction to security fundamentals
- Non-IT security managers
- Professionals with basic technical and computer knowledge
- Career-changers to cyber security
- Managers, information security officers, and system administrators
- Anyone who writes, implements, or must adhere to enterprise security policy
Exam Format
- 1 proctored exam
- 75 Questions
- Time Limit of 2 Hours
- Minimum passing score of 69%
Note: GIAC periodically reviews and may update certification specifications to ensure fairness, validity, and reliability. Using a psychometric standard-setting study, GIAC has set the passing score for the GISF exam at 69% for all candidates who receive the exam version released on or after March 7, 2026.
To confirm the exam format and passing score that apply to your specific attempt, please refer to the Certification Information section of your GIAC account: https://exams.giac.org/pages/attempts.
Certification Delivery
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
Exam Certification Objectives & Outcome Statements
- Adversary Analysis and Threat FrameworksThe candidate will demonstrate an understanding of how to analyze, document, and anticipate adversary behavior using standardized intelligence models and threat mapping tools.
- Defensive Technologies and Emerging IntelligenceThe candidate will demonstrate an understanding of how to identify and apply modern defensive technologies, leveraging automation and AI to enhance security operations and threat detection.
- Foundations of Cryptography and Digital TrustThe candidate will demonstrate an understanding of how cryptography enables trust, privacy, and authenticity across the digital environment.
- Foundations of CybersecurityThe candidate will demonstrate an understanding of cybersecurity, why it matters, and risk fundamentals.
- Foundations of Network CommunicationThe candidate will demonstrate an understanding of the fundamental mechanics of how devices find each other, exchange data, and support web communication on local and global networks.
- Identity, Access and Data ProtectionThe candidate will demonstrate an understanding of how identity and access mechanisms apply trust across networks and services, as well as how Data Loss Prevention (DLP) principles—including their purpose, types, and integration with identity and access management tools—protect sensitive data and mitigate insider risks.
- Intrusion and Initial Access TechniquesThe candidate will demonstrate an understanding of how attackers penetrate defenses and establish persistence within a target environment.
- Managing and Mitigating Cyber RiskThe candidate will demonstrate an understanding of practical methods for reducing risk through proactive and ongoing security practices, as well as the frameworks, laws, and ethical principles that shape cybersecurity operations.
- Network Security and ArchitectureThe candidate will demonstrate an understanding of how to architect and secure networks that protect data, users, and devices in modern distributed environments.
- Post-Exploitation and Advanced Threat TechniquesThe candidate will demonstrate an understanding of post-exploitation tactics and the technological innovations that enhance attacker sophistication and scale.
- Securing Connected and Cloud-Based EnvironmentsThe candidate will demonstrate an understanding of how to secure distributed, cloud-based, and connected environments while maintaining data protection.
- Security Foundations and AwarenessThe candidate will demonstrate an understanding of fundamental web security risks and understand how different professional roles work together to maintain organizational security posture.
Practice Tests
- Practice exams are a simulation of the real exam, allowing you to become familiar with the test engine and style of questions
- Practice exams can serve as a gauge to determine if your preparation methods are sufficient
- The bank of practice questions is limited, so you may encounter the same question on multiple practice tests
- Purchase a GISF practice test here
- Practice exams never include actual exam questions
Other Resources
- Training is available in a variety of modalities including live training and OnDemand
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or self-paced study through other programs or materials may meet the needs for mastery
- Understand the procedure to contest exam results
- Use this justification letter to share key details of this certification opportunity with your boss