• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

CERT Introduces New Incident Handler Certification

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion

View previous topic :: View next topic  
Author Message
Rottz
Just Arrived
Just Arrived


Joined: 29 Mar 2003
Posts: 3
Location: East Coast, USA

Offline

PostPosted: Mon Jul 21, 2003 6:59 pm    Post subject: CERT Introduces New Incident Handler Certification Reply with quote

CERT Introduces New Incident Handler Certification
By Emily Hollis(ehollis@certmag.com)

The Software Engineering Institute’s (SEI’s) CERT Coordination Center (CERT/CC) has introduced a new certification for IT professionals who want to work in computer security incident handling: the CERT-Certified Computer Security Incident Handler.

This credential is designed for professionals working as incident handlers, computer security incident response team (CSIRT) managers, system and network administrators with incident handling experience, incident handling trainers and those who have some technical training and want to get into incident handling as a career. CERT/CC recommends at least three years of experience in incident handling before pursuing certification as an Incident Handler.

Requirements for the new certification include coursework, experience and exams. Candidates first must take four courses from the SEI. These include a one-day course on creating a CSIRT, a five-day course on information security for technicians, a five-day course in advanced incident handling and a choice of a three-day course on managing CSIRTs (for managers) or a five-day class on the fundamentals of incident handling (for technicians). Candidates must also take a non-SEI elective course in computer forensics, intrusion detection and analysis or security audits and assessments from an ABET-accredited college or university.

In addition to completing the coursework, candidates must have three years of experience, either managerial or technical, in incident handling. They must also provide a letter of recommendation from a current or previous manager. Finally, candidates must successfully pass an exam administered by the SEI. Candidates will be charged the $150 fee when they apply to take the exam. Those who don’t pass on the first try can take the test one more time without paying an additional fee.

The Incident Handler certification is good for three years, and the application fee for renewal, like the exam application fee, is $150. To renew the certification, certificants must acquire five CEUs (credits for continuing education) in computer forensics, intrusion detection and analysis or security audits and assessments. Also, certificants must prove two years of experience performing incident handling or management functions for an organization or conducting research in computer security at an ABET-accredited university or at a federally funded research and development lab.

For more information on this new security certification option, check out http://www.cert.org/certification/

source: http://www.certmag.com/articles/anmviewer.asp?a=339&z=37

Looks interesting.
Also checkout the FAQ
and incase your wondering....
Who should apply
  • incident handlers
  • managers of CSIRTs
  • system and network administrators who have incident handling experience
  • trainers and educators in the incident handling field
  • individuals who wish to enter into the field of incident handling and who have requisite technical training
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
alt.don
SF Boss
SF Boss


Joined: 04 Mar 2003
Posts: 16777079


Offline

PostPosted: Mon Jul 21, 2003 8:00 pm    Post subject: Reply with quote

The cert sounds decent. It does seem a lot like the GCIH cert offered by SANS as well. http://www.giac.org/subject_certs.php#GCIH
Back to top
View user's profile Send private message Visit poster's website
Rottz
Just Arrived
Just Arrived


Joined: 29 Mar 2003
Posts: 3
Location: East Coast, USA

Offline

PostPosted: Mon Jul 21, 2003 8:07 pm    Post subject: Reply with quote

alt.don wrote:
The cert sounds decent. It does seem a lot like the GCIH cert offered by SANS as well.

But wouldn't you think CERT would be a better place to get it? Since they are better known for Incident handling, and handle ALOT more incidents? Not to mentioned backed by the US government.
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
alt.don
SF Boss
SF Boss


Joined: 04 Mar 2003
Posts: 16777079


Offline

PostPosted: Mon Jul 21, 2003 8:13 pm    Post subject: Reply with quote

To answer your questions yes and no. It does not require a great deal of handled incidents, as it were to be become good enough at it so you can teach. It is all about having a structured approach, and how you deal with the situation obviously. Most of these courses are all about showing you a framework, and how to apply it to given situations. You can never replace experience.
As to the government backing certcc? Well I don't see that as a redeeming factor if you ask me. CERTCC already got themselves in shit for showing favouritism to certain companies, and the government when it came to realising vulnerability information prior to informing the general public.
Don't get me wrong though I am not a lover of SANS/GIAC and how they do business either.
Back to top
View user's profile Send private message Visit poster's website
Rottz
Just Arrived
Just Arrived


Joined: 29 Mar 2003
Posts: 3
Location: East Coast, USA

Offline

PostPosted: Mon Jul 21, 2003 8:19 pm    Post subject: Reply with quote

alt.don wrote:
You can never replace experience.

Thats my point, CERT has alot more experience in incident handling than SANS, so I'd figure they would be better teachers and give you a better framework/enviroment to learn from. They handle more incidents than anyone, I'm sure they've learned a thing or two more than the ones who handle only a few. They also seem to have the most documentation on the subject and seem to be defacto standard for it. Which would make them more respectable, if you had a certification from them.
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
alt.don
SF Boss
SF Boss


Joined: 04 Mar 2003
Posts: 16777079


Offline

PostPosted: Mon Jul 21, 2003 8:26 pm    Post subject: Reply with quote

Indeed they have the most experience in the field. There comes a certain point though that only so much can be passed on in one course. Notably the one being offered by CERTCC. The thing I like about SANS is that you have to do a written practical, and usually some exams I believe. By looking at their site and posted practicals for that category I believe I would go with SANS on this one for incident handling training.
http://www.giac.org/GCIH.php
Back to top
View user's profile Send private message Visit poster's website
Rottz
Just Arrived
Just Arrived


Joined: 29 Mar 2003
Posts: 3
Location: East Coast, USA

Offline

PostPosted: Mon Jul 21, 2003 8:42 pm    Post subject: Reply with quote

alt.don wrote:
The thing I like about SANS is that you have to do a written practical, and usually some exams I believe. By looking at their site and posted practicals for that category I believe I would go with SANS on this one for incident handling training.

Yes, but CERT's is only $150 for the test and renewal which is 3yrs instead of 2yrs. SANS is $450(challenge) or $250(online) + $175 renewal every 2yrs. So it would be more expensive, you'd have renew more, for a company that isn't as reconized for incident handling? Rolling Eyes
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
alt.don
SF Boss
SF Boss


Joined: 04 Mar 2003
Posts: 16777079


Offline

PostPosted: Mon Jul 21, 2003 8:44 pm    Post subject: Reply with quote

SANS is not as known for incident handling in your opinion. SANS has quicly become "the" technical certification to have. That includes the GCIH track as well. Also the build up courses that CERTCC refers to as prerequisites are not free either. Add up the total cost and you are probably worse off then if you took the GCIH.
Back to top
View user's profile Send private message Visit poster's website
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Tue Jul 22, 2003 1:57 pm    Post subject: Reply with quote

I've spent a fair bit of time today reading through some of the papers posted on the GIAC site http://www.giac.org/cert.php.

These make excellent reading even for those not interested in taking the certs. There are a few real gems in there.
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register