.

Incident Response vs. Incident Handling

<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Fri Apr 17, 2009 4:19 pm

Incident Response vs. Incident Handling

A good overview of the difference between handling and responding to an incident and the skills needed for each.

One of the things that comes ups frequently in discussion is the difference between incident response, and incident handling. 
...
That is the difference between Incident Response, and Incident Handling.  Incident Response is all of the technical components required in order to analyze and contain an incident.  Incident Handling is the logistics, communications, coordination, and planning functions needed in order to resolve an incident in a calm and efficient manner. Yes, there are people who can fulfill either role, but typically not at the same time. The worse things get, the greater the requirement for the two different roles becomes.
...


http://isc.sans.org/diary.html?storyid=6205&rss
twitter.com/timmedin | http://blog.securitywhole.com
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Mon Apr 20, 2009 9:16 am

Re: Incident Response vs. Incident Handling

I see your post, and raise you a blog.  http://taosecurity.blogspot.com/2009/04 ... ponse.html

Incident response and incident handling are synonyms. If you need to differentiate between the role that does technical work and one which does leadership work, you can use incident response/handling for the former and incident management for the latter.


The blog goes into a further dissection of GCIH as a technical cert, with CERT's CCSI as being the management portion.

I agree with Bejtlich in that being GCIH certified does not automatically grant someone the ability to handle incidents.

But then again, I neither myself or my company would ever pay $9k+ for CERT's cert.. so I'm going GCIH.

Good topic!  I was going to bring it up this morning if someone hadn't.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP

Return to Incident Response

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software