<p>Incident responders detect, identify and contain cyberattacks to minimize damage to business operations. To do this effectively and be valuable members of the <a href="https://www.techtarget.com/searchsecurity/definition/incident-response-team">incident response team</a>, security professionals must know how to analyze logs, assemble and use an arsenal of security tools and processes, conduct threat hunting exercises, and <a href="https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan">prepare and test incident response plans</a> and playbooks.</p>
<p>Further, incident responders require an understanding of active threat groups and their techniques, tactics and procedures. Incident responders also need strong knowledge of cybersecurity and networking principles, especially regarding <a href="https://www.techtarget.com/searchnetworking/tip/An-introduction-to-cloud-network-architecture">common cloud architectures</a>.</p>
<p>To bolster career progression and cybersecurity skills, incident responders should determine how best to learn and then demonstrate their knowledge. Many security professionals do this by earning an incident response certification.</p>
<p>This article discusses incident response certifications and cybersecurity certifications to consider for those interested in an incident response-specific role. While the certifications focus on incident response, cybersecurity professionals can apply them toward other industry careers, including penetration tester, <a href="https://www.techtarget.com/searchsecurity/definition/computer-forensics">digital forensics</a> investigator and cybersecurity engineer.</p>
<section class="section main-article-chapter" data-menu-title="EC-Council Certified Incident Handler (ECIH)">
<h2 class="section-title"><i class="icon" data-icon="1"></i>EC-Council Certified Incident Handler (ECIH)</h2>
<p>Many incident response newcomers start by looking at EC-Council’s ECIH. The ECIH <a target="_blank" href="https://www.eccouncil.org/train-certify/ec-council-certified-incident-handler-ecih/" rel="noopener">program</a> teaches candidates how to quickly detect, contain and respond to incidents, as well as address post-breach issues. The ECIH course is split into 10 modules with hands-on labs:</p>
<ol type="1" start="1" class="default-list">
<li>Introduction to incident handling and response.</li>
<li>Incident handling and response process.</li>
<li>First response.</li>
<li>Handling and responding to malware incidents.</li>
<li>Handling and responding to email security incidents.</li>
<li>Handling and responding to network security incidents.</li>
<li>Handling and responding to web application security incidents.</li>
<li>Handling and responding to cloud security incidents.</li>
<li>Handling and responding to insider threats.</li>
<li>Handling and responding to endpoint security incidents.</li>
</ol>
<p>The ECIH course is available for self-study or as a three-day class, online or at an EC-Council Accredited Training Center.</p>
<p>While the certification is widely recognized in the industry, some industry professionals deem it too basic. Many experienced incident responders recommend that new cybersecurity professionals consider more challenging incident response certificates instead. Further, EC-Council’s reputation has been questioned due to past plagiarism incidents and data breaches.</p>
<p>The ECIH exam, consisting of 100 multiple-choice questions to be completed within three hours, requires a 70% passing score. Candidates must have a prerequisite three years of cybersecurity experience. After passing, certification holders must renew ECIH every three years.</p>
</section>
<section class="section main-article-chapter" data-menu-title="GIAC Certified Incident Handler (GCIH)">
<h2 class="section-title"><i class="icon" data-icon="1"></i>GIAC Certified Incident Handler (GCIH)</h2>
<p>Global Information Assurance Certification’s GCIH <a target="_blank" href="https://www.giac.org/certifications/certified-incident-handler-gcih/" rel="noopener">course</a> offers some of the broadest incident response coverage. The certification, based on the six-day SANS Institute SEC504: Hacker Tools, Techniques and Incident Handling course, has a reputation for providing actionable and useful real-world knowledge. It focuses on incident response from the attacker’s perspective to help defenders understand how to best react.</p>