CERT-CSIH Domain #2: Event/Incident Detection


The CERT-CSIH has multiple domains that need to be well understood if you are going to pass the exam. Just as we saw in our previous article relating to Domain #1 and its requirements, we will be taking a deeper look at Domain #2: Event/Incident Detection. This domain is more heavily weighted than the first one, and as such, there is more to learn and understand.

Below are the exam objectives and their weighting:

AWS Builder Community Hub
  • Protect Infrastructure 7%
  • Event/Incident Detection 17%
  • Triage & Analysis 28%
  • Respond 40%
  • Sustain 8%

Event/Incident Detection covers a whole host of different technologies and practices, so we will take a look at some common examples that you should be familiar with for the exam. Some of these concepts are probably already familiar to most candidates that are looking to certify their CSIH, so we won’t look at too much detail. We will focus on what the exam is looking to gauge in terms of your understanding and knowledge on the subject.

Event/Incident Detection

There are many different elements that go into this section of the exam, from monitoring event activity to creating reports in the aftermath of an incident. Even though the exam weighting is at 17%, there is still a lot of information to get through and to understand. We will look at each of the exam subheadings and then go into a little detail about what you could be facing in the exam.   

Monitor networks and information systems for security

This is a major part of the incident-handling job role. The main reason is primarily because the detection phase of an incident can mean the difference between a close call, and major damage to the business — both reputational and financial. Detecting suspicious behavior early means that any potential damage that might (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Graeme Messina. Read the original post at: