Security Bloggers Network 
SBN

CERT-CSIH – Exam Information

by Rodika Tollefson on January 9, 2019

Many cybersecurity professionals consider certifications an essential part of advancing in the field. So do employers looking for talent. According to the job-analytics company Burning Glass Technologies, more than a third of job openings in cybersecurity ask for a certification, compared to less than a quarter of all jobs in IT.

If you’re interested in a career in incident response, one certification to consider is Computer Security Incident Handler (CSIH) from CERT, a division of the Software Engineering Institute (SEI) at Carnegie Mellon University. Although not as popular as some other similar certifications, CERT-CSIH is a solid credential and SEI has a longstanding reputation in doing work with the Department of Defense and other government agencies, as well as the private sector.

Incident responder is one of the industry’s top-paying jobs, according to Tripwire. As the role requires a broad range of skills — from Web-application security and threat detection to forensics — CERT-CSIH is a good way to demonstrate you have the knowledge of the latest best practices, can produce high-quality results and have the skills and ability to help your employer achieve its objectives.

Topics Covered on the CERT-CSIH Exam

The closed-book CERT-CSIH exam contains a total of 65 questions in five content areas: infrastructure protection, event and incident detection, triage and analysis, response and sustainability. The certification was designed for military, contractor and civilian personnel based on a rigorous multi-phase process that included a panel of subject-matter experts and multiple reviewers.

Here’s a sampling of topics that each section covers:

Protect Infrastructure (7 percent of the exam)

  • Implement infrastructure changes to help mitigate an incident or potential vulnerability exploitation
  • Give guidance to your constituents (e.g., CISO or IT administrator) on best practices for protecting information systems (IS)

Event/Incident Detection (17 percent)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/k10uZHRiuUM/

Rodika Tollefson