Certification: GCIH

Certification:

GIAC Certified Incident Handler (GCIH)

Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

See the GIAC website for additional details on the GCIH certification.

Exam Certification Objectives
Objectives Objective Outcome Statement
Incident Handling: Identification The candidate will demonstrate an understanding of important strategies to gather events, analyze them, and determine if we have an incident.
Incident Handling: Overview and Preparation The candidate will demonstrate an understanding of what Incident Handling is, why it is important, and an understanding of best practices to take in preparation for an Incident.
Buffer Overflows and Format String Attacks The candidate will demonstrate an understanding of how buffer overflows and format string attacks work and how to defend against them.
Client Attacks The candidate will demonstrate an understanding of various client attacks and how to defend against them.
Covering Tracks: Networks The candidate will demonstrate an understanding of how attackers use tunneling and covert channels to cover their tracks on a network, and the strategies involved in defending against them.
Covering Tracks: Systems The candidate will demonstrate an understanding of how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks.
Denial of Service Attacks The candidate will demonstrate a comprehensive understanding of the different kinds of Denial of Service attacks and how to defend against them.
Incident Handling: Containment The candidate will demonstrate an understanding of high-level strategies to prevent an attacker from causing further damage to the victim after discovering the incident.
Incident Handling: Eradication, Recovery, and Lessons Learned The candidate will demonstrate an understanding of the general approaches to get rid of the attacker's artifacts on compromised machines, the general strategy to safely restore operations, and the importance of the incident report and lessons learned meetings.
Network Attacks The candidate will demonstrate an understanding of various network attacks and how to defend against them.
Password Attacks The candidate will demonstrate a detailed understanding of the three methods of password cracking.
Reconnaissance The candidate will demonstrate an understanding of public and open source reconnaissance techniques.
Scanning: Discovery and Mapping The candidate will demonstrate an understanding of scanning fundamentals; to discover and map networks and hosts, and reveal services and vulnerabilities.
Scanning: Techniques and Defense The candidate will demonstrate an understanding of the techniques and tools used in scanning, and how to response and prepare against scanning.
Session Hijacking and Cache Poisoning The candidate will demonstrate an understanding of tools and techniques used to perform session hijacking and cache poisoning, and how to respond and prepare against these attacks.
Techniques for maintaining access The candidate will demonstrate an understanding of how backdoors, trojan horses, and rootkits operate, what their capabilities are and how to defend against them.
Web Application Attacks The candidate will demonstrate an understanding of the value of the Open Web Application Security Project (OWASP), as well as different Web App attacks such as account harvesting, SQL injection, Cross-Site Scripting and other Web Session attacks.
Worms, Bots & Bot-Nets The candidate will demonstrate a detailed understanding of what worms, bots and bot-nets are, and how to protect against them.