Title: Incident Response vs. Incident Handling
Post by: timmedin on April 17, 2009, 04:19:45 PM
A good overview of the difference between handling and responding to an incident and the skills needed for each.
One of the things that comes up frequently in discussion is the difference between incident response and incident handling.
That is the difference between Incident Response, and Incident Handling. Incident Response is all of the technical components required in order to analyze and contain an incident. Incident Handling is the logistics, communications, coordination, and planning functions needed in order to resolve an incident in a calm and efficient manner. Yes, there are people who can fulfill either role, but typically not at the same time. The worse things get, the greater the requirement for the two different roles becomes.
Title: Re: Incident Response vs. Incident Handling
Post by: unsupported on April 20, 2009, 09:16:49 AM
I see your post, and raise you a blog. http://taosecurity.blogspot.com/2009/04/speaking-of-incident-response.html
Incident response and incident handling are synonyms. If you need to differentiate between the role that does technical work and one which does leadership work, you can use incident response/handling for the former and incident management for the latter.
The blog goes into a further dissection of GCIH as a technical cert, with CERT's CCSI as being the management portion.
I agree with Bejtlich in that being GCIH certified does not automatically grant someone the ability to handle incidents.
But then again, neither I nor my company would ever pay $9k+ for CERT's cert... so I'm going GCIH.
Good topic! I was going to bring it up this morning if someone hadn't.