CERT Computer Security Incident Handler
When a highly-visible and -respected security organization like CERT (Computer Emergency Response Team, part of the Software Engineering Institute or SEI, a federally funded research and development center operated by Carnegie-Mellon University in Pittsburgh, itself a top-ranked computer science graduate program) gets behind a security certification, it’s probably worth noting. That’s why the CERT’s newly-announced Computer Security Incident Handler (IH) certification is definitely noteworthy, and worth mentioning in our newsletter.
Incident handling is a discipline of computer security that deals with creating and managing incident response teams, and also with planning for, responding to, and documenting computer security incidents of all kinds—which may mean anything from denial of service attacks to long-term, subtle attempts to infiltrate and take over systems and networks. Thus, the IH certification focuses on incident handling, information security, and related team-building and management activities.
The requirements for the IH are pretty stiff:
- A four course sequence from the SEI or its licensees is mandatory:
· Creating a Computer Security Incident Response Team (CSIRT; 1 day)
· Information Security for Technical Staff (5 days)
· Managing CSIRTs (3 days) or Fundamentals of Incident Handling (5 days)
· Advanced Incident Handling (5 days)
- A single elective (non-SEI) course from an ABET-accredited college or university or that offers 5 CEUs in any of these topics: computer forensics, intrusion detection and analysis, or security audits and assessments.
- At least three years of experience in incident handling, either in a management or a technical role.
- A letter of recommendation from a current or previous manager.
- Successful completion of an evaluation administered by the SEI.
The best candidates are those who handle incidents as part of their everyday jobs, those who manage CSIRTS, system or network administrators with incident handling experience, trainers or educators in the incident handling field, or those who wish to work in this field and have the required technical training and background. The IH certification is good for 3 years; successful renewal requires additional CEUs and relevant work experience.
For more information, see the IH program description (http://www.cert.org/certification/) and FAQ (http://www.cert.org/certification/IHcertification_faq.html).