Even though technology has been a huge help with responding to incidents, it is still an area that typically requires many employees to deal with. This won’t change anytime soon, and it is the reason you should consider this a viable area for career movement. On top of that, incident response will never get old because the attacks keep changing.
Incident response or incident handling is an approach that allows security experts to take appropriate actions against cyber-security breaches. The general incident response strategy comprises the following six phases.
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Learning
The preparation phase can be seen in two different contexts, i.e. pre-incident and post-incident scenarios. Pre-incident preparation means that your organization has a well-trained incident response team, well-defined incident response policies, and reliable software/equipment to cope with security breaches. Post-incident preparation means getting everything ready to react to the incident. The identification phase determines whether or not you have been breached. The process requires monitoring of systems/network/environment for anomalies (deviations from normal behavior). Containment is the process of limiting the loss caused by the incident. The process may involve steps like disconnecting devices from the network, deleting files, etc. Eradication means completely getting rid of the attack vectors and actors that participated in the security breach. Recovery is the process of returning all systems to normal after they have been cleaned or restored from known-good backups. Learning is the last, optional phase of the incident response cycle. Good security experts learn from incidents, document their findings and remedies, and pass on the information to stop similar incidents from happening in the future.
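The identification phase above rests on detecting deviations from normal behavior. The following is an added example (not from the article) of that idea: it builds a per-host baseline of failed logins from past log windows and flags hosts whose current count deviates sharply, or that have no baseline at all. The log line format and all sample data are constructed for the example.

```python
import re
import statistics
from collections import Counter

# Assumed (constructed) log format: "<timestamp> host=<h> user=<u> result=<failure|success>"
LINE_RE = re.compile(r"host=(?P<host>\S+) user=\S+ result=(?P<result>failure|success)")

def failures_per_host(lines):
    """Count failed logins per host within one window of log lines."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m and m.group("result") == "failure":
            counts[m.group("host")] += 1
    return counts

def build_baseline(windows):
    """Mean and population stdev of failures per host over past known-good windows."""
    hosts = set().union(*windows)
    baseline = {}
    for host in hosts:
        samples = [w.get(host, 0) for w in windows]
        baseline[host] = (statistics.mean(samples), statistics.pstdev(samples))
    return baseline

def flag_deviations(baseline, current, threshold=3.0, floor=2.0):
    """Return hosts whose current failure count deviates from the baseline.
    A host with no history is flagged as well; 'floor' keeps a near-zero stdev
    from turning small fluctuations into alerts."""
    flagged = {}
    for host, count in current.items():
        if host not in baseline:
            flagged[host] = "no baseline"
            continue
        mean, stdev = baseline[host]
        score = (count - mean) / max(stdev, floor)
        if score > threshold:
            flagged[host] = f"{count} failures, {score:.1f} sigma above mean {mean:.1f}"
    return flagged

def _synth(counts):
    """Construct sample log lines with the given number of failures per host."""
    return [f"2024-01-01T00:00:00Z host={h} user=svc result=failure"
            for h, n in counts.items() for _ in range(n)]

# Constructed data: four quiet past windows, then a window with a spike and a new host.
PAST = [failures_per_host(_synth(c)) for c in
        ({"web01": 2, "db01": 1}, {"web01": 3, "db01": 0},
         {"web01": 1, "db01": 2}, {"web01": 2, "db01": 1})]
CURRENT = failures_per_host(_synth({"web01": 2, "db01": 25, "jump01": 4}))
ALERTS = flag_deviations(build_baseline(PAST), CURRENT)
```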
Knowing incident response phases does not guarantee the security/safety of organizations. It is the human factor that matters the most. Only an expert in cyber-security can devise the most efficient incident response plans, document policies, and handle the incidents by applying effective strategies, tools, and workforce. Following is a brief overview of incident response (incident handling) certifications having great repute in the industry. Those who are interested in incident handling jobs in cyber-security should consider these certifications to increase their chances of getting hired by the organizations.
1) EC-Council’s Certified Incident Handler (E|CIH)
EC-Council evaluates the incident handling and response capabilities of individuals through E|CIH certification. The purpose of this certification is to ensure that the security personnel have the right expertise in identifying, restraining, and recovering from cyber-attacks. E|CIH also evaluates ‘drafting the security policies’ capabilities of the individuals. The certification is compliant with major frameworks including NICE 2.0 and CREST.
Who Should Avail E|CIH?
- Network administrators
- Vulnerabilities Assessment Auditors
- Penetration Testers
- Application Security Engineers
- Cyber Forensic Analysts
- SOC Analysts
- System Administrators
- Firewall Administrators
- Network Managers
How to Get E|CIH Credential?
Candidates must pass the E|CIH exam to earn the certification.
Exam Format: Multiple Choice Questions
Total Questions: 100
Exam Duration: 3 Hours
Passing Marks: 70%
Prerequisite: Candidates must have at least 1 year of experience working in the cyber-security industry. Candidates with no prior experience must attend the 3-day training offered by EC-Council and its authorized training centers.
E|CIH Course Outline
EC-Council covers the following modules in the E|CIH exam and in the training sessions offered by EC-Council and its authorized centers.
1) Introduction to Incident Handling and Response
2) Incident Handling and Response Process
3) Forensic Readiness and First Response
4) Handling and Responding to Insider Threats
5) Handling and Responding to Network Security Incidents
6) Handling and Responding to Web Application Security Incidents
7) Handling and Responding to Malware Incidents
8) Handling and Responding to Email Security Incidents
9) Handling and Responding to Cloud Security Incidents
E|CIH page: https://www.eccouncil.org/programs/ec-council-certified-incident-handler-ecih/
2) GIAC Certified Incident Handler (GCIH)
Global Information Assurance Certification (GIAC) organization offers incident handler certification to those who want to prove their incident handling expertise. The certification assesses the computer-related incident handling expertise, such as defining steps to perform incident handling, detecting network activities and anomalies, detecting and analyzing network and system vulnerabilities, and improving the incident discovery process.
Who Should Get GCIH Credential?
- Network Security Engineers
- Penetration Testers
- Network Administrators
- System Administrators
- Network Managers
How to Get GCIH Credential?
Candidates can become GCIH certified by scheduling and taking the GCIH exam at any GIAC-proctored test center.
Exam Questions: 100 – 150
Exam Duration: 4 Hours
Passing Marks: 73%
Exam Body: Pearson VUE
Prerequisite: None
GCIH Course Outline
GCIH exam questions are taken from the following topics/areas.
Incident Handling Overview and Preparation
Incident Handling Identification
Understanding of Client Attacks
Understanding of Covering Network Tracks
Knowledge of Covering System Tracks
Knowledge of Containment, Eradication, and Recovery Processes
Penetration Testing / Ethical Hacking Phases
Various Network Attacks
Different Types of Malware
GCIH page: https://www.giac.org/certification/certified-incident-handler-gcih
3) Incident Handling & Response Professional (IHRP)
IHRP certification by eLearnSecurity is a practical demonstration of incident handling and response expertise. eLearnSecurity evaluates the incident handling and response capabilities of individuals through practical exams.
Who Should Get IHRP Credential?
- Incident Handlers
- Incident Responders
- IT Security Personnel
- Red Teamers
- SOC Members
- Computer Security Incident Response Team (CSIRT)
How to Get IHRP Credential?
eLearnSecurity has dedicated labs equipped with incident response tests. Candidates access the exam labs through VPN. The exam comprises practical incident response questions (scenarios) that need to be solved within a specific time. Strong networking skills, knowledge of protocols, an understanding of operating systems, and knowledge of security devices are prerequisites for registering for the IHRP certification and course. eLearnSecurity offers an online self-paced course designed to prepare candidates for IHRP certification.
IHRP Course Outline
The IHRP training course consists of the following four sections and five modules. It is an online self-paced course with lifetime access to the course material.
Sections
Incident Handling Overview
Practical Incident Handling
Network Traffic and Flow Analysis
SOC 3.0 Operations & Analytics
Modules
SIEM Fundamentals & Open Source Solutions
Creating a Baseline & Detecting Deviations
SMTP, DNS & HTTP(S) Analytics
Endpoint Analytics
Logging
IHRP page: https://www.elearnsecurity.com/course/incident_handling_response_professional/
4) Certified Computer Security Incident Handler (CSIH)
The Software Engineering Institute (SEI) helps organizations identify skillful incident handlers by evaluating the incident response and handling expertise of individuals. Those who possess the desired capabilities earn the Certified Computer Security Incident Handler (CSIH) credential.
Who Should Get CSIH Credential?
- Military Personnel, civilians, and contractors (who handle information systems)
- Incident Handlers
- Incident Responders
- System Administrators
- Network Administrators
- Cyber-security personnel
How to Avail CSIH Credential?
In order to avail the CSIH credential, candidates must send an application to SEI. Those with approved applications can apply for the CSIH exam. The CSIH exam has the following outline.
Exam Type: Proctored Exam
Total Questions: 65
Passing score: 78%
CSIH Course Outline
The CSIH exam can be broken down into the following five areas.
1) How to Protect Infrastructure
2) Incident/Event Detection
3) Triage and Analysis
4) Incident Response
5) How to Sustain
CSIH page: https://www.sei.cmu.edu/education-outreach/courses/course.cfm?courseCode=V41
5) Certified Incident Handling Engineer (CIHE)
The National Initiative for Cybersecurity Careers and Studies (NICCS) awards the CIHE certification to those who successfully complete the 4-day training comprising an incident response/handling course and labs. NICCS is an online cyber-security training resource managed by the Cybersecurity Education and Awareness Branch (CE&A) in the Department of Homeland Security (DHS).
Who Should Get CIHE?
- Incident Handlers
- Incident Responders
- Cyber-security Personnel
- Penetration Testers
- Contractors
- Federal Employees
How to Get CIHE Credential?
Anybody who successfully completes the CIHE course and lab assignments is eligible for CIHE certification. CIHE is an advanced-level course that requires the A+, Net+, Sec+, Linux+, MS Operating, and C)PTE (Certified Penetration Testing Engineer) credentials as prerequisites.
CIHE Course Details
The course followed for the CIHE credential comprises the following modules.
Module 1: Introduction
Module 2: Threats, Vulnerabilities, and Exploits
Module 3: Identification of Incidents and Initial Response
Module 4: Request Tracker for Incident Response (RTIR)
Module 5: Initial Response
Module 6: Identification and Initial Response
Module 7: Sysinternals
Module 8: Containment Phase
Module 9: Eradication Process
Module 10: Follow-Up Procedures
Module 11: Recovery Steps
Module 12: Security of Virtual Machine
Module 13: Malware Incident Response
Apart from the course content, students have to spend 20 hours or more performing lab assignments.
CIHE page: https://niccs.us-cert.gov/training/search/mile2/certified-incident-handling-engineer-cihe