GCIH - GIAC Certified Incident Handler
The GCIH is a security certification that demonstrates that the owner has the skills and knowledge to properly respond to and manage incidents as well as defend against them.
It is maintained by the SANS Institute (SysAdmin, Audit, Network, Security).
The GCIH is a hands-on certification that covers incident handling and defense. This includes concepts such as recovering from attacks, defense as well as incident handling process.
The SANS Institute offers a course for preparing for this certification. The course is called Hacker Techniques, Exploits & Incident Handling and is listed as SEC-504.
The course can be taken through self-study or via a SANS conference or course.
Three separate levels are available through the GIAC certification tree (of which GCIH is part). By completing this certification, the individual is at the Silver level of certification.
The Gold level of certification requires the candidate to write a detailed technical report/white paper. If the paper is accepted, they will be certified as Gold level.
The Platinum level is the highest certification available and requires multiple Silver certifications. To obtain this certification, extensive testing, research and assignments are required.
To be considered certified, the following criteria must be satisfied:
This certification must be renewed every four years.
- The candidate must pay an examination fee. This fee can be added onto a self-study course, a conference course or paid by itself (called a challenge certificate);
- The candidate must pass two online exams, both multiple choice with time limits.