Cyber Security Certification: GCIH

The GIAC Certified Incident Handler (GCIH) certification validates a practitioner's ability to detect, respond to, and resolve computer security incidents using a wide range of essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, and to defend against and respond to such attacks when they occur.

Areas Covered

Who is GCIH for?

GCIH with CyberLive

GIAC knows that cyber security professionals need:

In response to this industry-wide need, GIAC developed CyberLive - hands-on, real-world practical testing.

CyberLive testing creates a lab environment where cyber practitioners prove their knowledge, understanding, and skill using:

Candidates are asked practical questions that require performance of real-world-like tasks that mimic specialized job roles.

Find out more about CyberLive here.

Requirements

Note:

GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GCIH exam has been determined to be 73% for all candidates receiving access to their certification attempts on or after September 8th, 2016. To verify the format and passing point of your specific certification attempt, read the Certification Information found in your account at https://exams.giac.org/pages/attempts.

Delivery

NOTE: All GIAC exams are delivered through proctored test centers and must be scheduled in advance.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

GIAC exams must be proctored through Pearson VUE. Please see the following link for instructions on How to Schedule Your GIAC Proctored Exam: http://www.giac.org/information/schedule_proctored_exam.pdf. GIAC exams are delivered online through a standard web browser.


Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Incident Handling: Identification
The candidate will demonstrate an understanding of important strategies to gather events, analyze them, and determine whether an incident has occurred.
Incident Handling: Overview and Preparation
The candidate will demonstrate an understanding of what incident handling is, why it is important, and the best practices to follow in preparation for an incident.
Client Attacks
The candidate will demonstrate an understanding of various client attacks and how to defend against them.
Covering Tracks: Networks
The candidate will demonstrate an understanding of how attackers use tunneling and covert channels to cover their tracks on a network, and the strategies involved in defending against them.
Covering Tracks: Systems
The candidate will demonstrate an understanding of how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks.
Denial of Service Attacks
The candidate will demonstrate a comprehensive understanding of the different kinds of Denial of Service attacks and how to defend against them.
Incident Handling: Containment
The candidate will demonstrate an understanding of high-level strategies to prevent an attacker from causing further damage to the victim after discovering the incident.
Incident Handling: Eradication, Recovery, and Lessons Learned
The candidate will demonstrate an understanding of the general approaches to get rid of the attacker's artifacts on compromised machines, the general strategy to safely restore operations, and the importance of the incident report and lessons learned meetings.
Network Attacks
The candidate will demonstrate an understanding of various network attacks and how to defend against them.
Overflow Attacks
The candidate will demonstrate an understanding of how overflow attacks work and how to defend against them.
Password Attacks
The candidate will demonstrate a detailed understanding of the three methods of password cracking.
Reconnaissance
The candidate will demonstrate an understanding of public and open source reconnaissance techniques.
Scanning: Discovery and Mapping
The candidate will demonstrate an understanding of scanning fundamentals: discovering and mapping networks and hosts, and revealing services and vulnerabilities.
Scanning: Techniques and Defense
The candidate will demonstrate an understanding of the techniques and tools used in scanning, and how to prepare for and respond to scanning.
Session Hijacking and Cache Poisoning
The candidate will demonstrate an understanding of the tools and techniques used to perform session hijacking and cache poisoning, and how to prepare for and respond to these attacks.
Techniques for Maintaining Access
The candidate will demonstrate an understanding of how backdoors, trojan horses, and rootkits operate, what their capabilities are and how to defend against them.
Web Application Attacks
The candidate will demonstrate an understanding of the value of the Open Web Application Security Project (OWASP), as well as different Web App attacks such as account harvesting, SQL injection, Cross-Site Scripting and other Web Session attacks.
Worms, Bots & Botnets
The candidate will demonstrate a detailed understanding of what worms, bots and botnets are, and how to protect against them.

*No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is one option; there are also numerous books on the market covering computer information security. Another option is any relevant course from a training provider, including SANS.*

Other Resources