A good overview of the difference between handling and responding to an incident and the skills needed for each.
One of the things that comes ups frequently in discussion is the difference between incident response, and incident handling.
That is the difference between Incident Response, and Incident Handling. Incident Response is all of the technical components required in order to analyze and contain an incident. Incident Handling is the logistics, communications, coordination, and planning functions needed in order to resolve an incident in a calm and efficient manner. Yes, there are people who can fulfill either role, but typically not at the same time. The worse things get, the greater the requirement for the two different roles becomes.
Incident response and incident handling are synonyms. If you need to differentiate between the role that does technical work and one which does leadership work, you can use incident response/handling for the former and incident management for the latter.
The blog goes into a further dissection of GCIH as a technical cert, with CERT’s CCSI as being the management portion.
I agree with Bejtlich in that being GCIH certified does not automatically grant someone the ability to handle incidents.
But then again, I neither myself or my company would ever pay $9k+ for CERT’s cert.. so I’m going GCIH.
Good topic! I was going to bring it up this morning if someone hadn’t.
Viewing 1 reply thread
You must be logged in to reply to this topic.
– EH-Net Live!Thurs Oct 29 @ 1:00 PM US ET. Details Coming Soon!