Anyone who follows the IT industry knows that information security is the No. 1 issue facing IT pros today. The past few years have seen an unprecedented number of well-organized, sophisticated hacker attacks on corporate databases, government registries and personal identities. Because of this, the need for well-trained, validated IT security professionals has grown substantially in recent years.
As the number of attacks on computers and networks has increased, the field of information security has evolved to include a number of specializations. Today's more-proactive IT departments don't have a single security generalist standing watch over systems and networks. Rather, they employ a number of security specialists, each of them with a specific expertise in an area of networking or information security.
What is an incident handler?
One such specialization is incident handling. An incident handler is responsible for monitoring computers and networks for security-related incidents. If one is detected, the incident handler determines the best way to respond to the attack and carries out the response. This is notably different from a standard network administrator's responsibilities, in that network admins are expected to plan for and respond to events based on hardware and software failures, while an incident handler responds specifically to malicious attacks instigated by one or more outsiders (or insiders, as the case may be). Security incident handling specialists looking for a certification that will validate their skills to an employer should consider the GIAC Certified Incident Handler (GCIH) designation. GIAC, which stands for Global Information Assurance Certification, has been offering its IT security-related certification programs since the late 1990s, and GIAC certifications are well-recognized by companies and government agencies worldwide.
GIAC classifies the Certified Incident Handler as an "Advanced Security Administration" certification. There is no official prerequisite for the GCIH, but candidates should have some experience in the field and are encouraged to take a security incident handling course before taking the exam.
Getting a GCIH certification
The exam can be booked through the GIAC website. The exam itself is taken at a designated Pearson VUE test center. It consists of 150 questions, and candidates have up to four hours to finish. Candidates must achieve a passing score of 72 percent or higher to get certified.
Here are the major knowledge domains covered in the GCIH certification exam, in alphabetical order:
- Backdoors and Trojan Horses
- Buffer Overflows
- Covering Tracks: Networks
- Covering Tracks: Systems
- Denial of Service Attacks
- Exploiting Systems using Netcat
- Format String Attacks
- Incident Handling Overview and Preparation
- Incident Handling Phase 2 Identification
- Incident Handling Phase 3 Containment
- IP Address Spoofing
- Network Sniffing
- Password Attacks
- Scanning: Host Discovery
- Scanning: Network and Application Vulnerability Scanning and Tools
- Scanning: Network Devices
- Scanning: Service Discovery
- Session Hijacking, Tools and Defenses
- Types of Incidents
- Virtual Machine Attacks
- Web Application Attacks
- Worms, Bots, and Bot-Nets
Renewing the certificate
Once earned, the GCIH certification is valid for four years. The recertification process can be started two years prior to its expiration date. Renewal is done using what GIAC refers to as Certification Maintenance Units. CMUs can be earned in a number of different ways, including both taking training courses and practical work experience. All of the details for renewing the GCIH certification can be found on the GIAC Renewal webpage.
The GIAC Certified Incident Handler certification is a well-recognized and industry-valued designation. Adding to the GCIH certification's value is the fact that it is a vendor-neutral certification, meaning that it is not tied to a specific manufacturer's hardware or software security technology. This gives the GCIH certification a high universal value to both businesses and governments, making it a desirable certification for security incident specialists worldwide.