Global Certified Incident Handler

ncident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. The Global Certified Incident Handler (GCIH) certification focuses on detecting, responding, and resolving computer security incidents and covers the following security techniques:

• The steps of the incident handling process
• Detecting malicious applications and network activity
• Common attack techniques that compromise hosts
• Detecting and analyzing system and network vulnerabilities
• Continuous process improvement by discovering the root causes of incidents

The topic areas for each exam part follow:

1. Incident Handling - Identification: The candidate will demonstrate an understanding of important strategies to gather events, analyze them, and determine if we have an incident.
2. Incident Handling: Overview and Preparation: The candidate will demonstrate an understanding of what Incident Handling is, why it is important, and an understanding of best practices to take in preparation for an Incident.
3. Client Attacks: The candidate will demonstrate an understanding of various client attacks and how to defend against them.
4. Covering Tracks - Networks: The candidate will demonstrate an understanding of how attackers use tunneling and covert channels to cover their tracks on a network, and the strategies involved in defending against them.
5. Covering Tracks - Systems: The candidate will demonstrate an understanding of how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks.
6. Denial of Service Attacks: The candidate will demonstrate a comprehensive understanding of the different kinds of Denial of Service attacks and how to defend against them.
7. Incident Handling - Containment: The candidate will demonstrate an understanding of high-level strategies to prevent an attacker from causing further damage to the victim after discovering the incident.
8. Incident Handling - Eradication, Recovery, and Lessons Learned: The candidate will demonstrate an understanding of the general approaches to get rid of the attacker's artifacts on compromised machines, the general strategy to safely restore operations, and the importance of the incident report and lessons learned meetings.
9. Network Attacks: The candidate will demonstrate an understanding of various network attacks and how to defend against them.
10. Overflow Attacks: The candidate will demonstrate an understanding of how overflow attacks work and how to defend against them.
11. Password Attacks: The candidate will demonstrate a detailed understanding of the three methods of password cracking.
12. Reconnaissance: The candidate will demonstrate an understanding of public and open source reconnaissance techniques.
13. Scanning - Discovery and Mapping: The candidate will demonstrate an understanding of scanning fundamentals; to discover and map networks and hosts, and reveal services and vulnerabilities.
14. Scanning - Techniques and Defense: The candidate will demonstrate an understanding of the techniques and tools used in scanning, and how to response and prepare against scanning.
15. Session Hijacking and Cache Poisoning: The candidate will demonstrate an understanding of tools and techniques used to perform session hijacking and cache poisoning, and how to respond and prepare against these attacks.
16. Techniques for maintaining access: The candidate will demonstrate an understanding of how backdoors, trojan horses, and rootkits operate, what their capabilities are and how to defend against them.
17. Web Application Attacks: The candidate will demonstrate an understanding of the value of the Open Web Application Security Project (OWASP), as well as different Web App attacks such as account harvesting, SQL injection, Cross-Site Scripting and other Web Session attacks.
18. Worms, Bots & Bot-Nets: The candidate will demonstrate a detailed understanding of what worms, bots and bot-nets are, and how to protect against them.