Incident Response

CSIH – CERT® Certified Computer Security Incident Handler

February 24, 2006

Exam Details:

Questions:
Time:
 
Passing Score: 80%
Format:
Cost: $200.00
Other Requirements: Complete associated courses, 3 yrs experience, application and review
Renewal: Every 3 years, Continuing education required

Editors’ Quick Thoughts

This is yet another certification tied to training. Although we understand the business model behind this approach, it does limit the viability of the credential. This certification is not well known, but we can tell you that the CERT Organization is highly respected.

From the Horse’s Mouth (CERT’s Web Site Content):

The CERT®-Certified Computer Security Incident Handler (CSIH) certification program has been created for incident handling professionals, computer security incident response team (CSIRT) technical staff, system and network administrators with incident handling experience, incident handling trainers and educators, and individuals with some technical training who want to enter the incident handling field. It is recommended for those computer security professionals with three or more years of experience in incident handling and/or equivalent security-related experience.

More from CERT.

GCIH – GIAC Certified Incident Handler

February 24, 2006

Details:

Silver: Exam

Questions:
Time:
Passing Score:
Format:
Cost:
Other Requirements:
Renewal:

Gold: Practical

Many had feared that the practical portion of the GIAC certification program had disappeared. It has actually just been renamed to allow for 2 levels of certification: Silver for the exam alone and Gold for the practical.

Editors' Quick Thoughts

One of the instructors for this course is the venerable Ed Skoudis. That alone makes it worth the price of admission. Concentrating not only on ethical hacking techniques, this course also deals with what to do after a pen test. This certification is tied to the SANS training course SEC-504. Although a candidate may take the exam without attending the course, the price for that chosen path makes that option almost unreasonable. The course is top notch, as many SANS offerings are, but many may find the (relative) lack of a self-study option to be undesirable. To end on a positive note, SANS and their cert arm, GIAC, are widely known and respected. Also, since there are very few worries about the quality of instructors before attending training, you can rest assured that you won't be stuck in PowerPoint Hell.

From the Horse's Mouth (GIAC's Web Site Content):

Course:

Hacker Techniques, Exploits & Incident Handling, SEC-504

Target:

Individuals responsible for incident handling/incident response; individuals who require an understanding of the current threats to systems and networks, along with effective countermeasures. GIAC Certified Incident Handlers (GCIHs) have the knowledge, skills, and abilities to manage incidents; to understand common attack techniques and tools; and to defend against and/or respond to such attacks when they occur.

More from SANS/GIAC.
