CERT®-Certified Computer Security Incident Handler

Training CERT Training Courses Incident Handling Certification
Remote Training & Resources Virtual Training Environment Survivability & Information Assurance Curriculum

Publications Catalog Historical Documents CSIRT Development Information CMU Master of Information Systems Management CMU Heinz School SEI Public Courses SEI Credentials Program

CERT^®-Certified Computer Security Incident Handler

The CERT^®-Certified Computer Security Incident Handler (CSIH) certification program has been created for incident handling professionals, computer security incident response team (CSIRT) technical staff, system and network administrators with incident handling experience, incident handling trainers and educators, and individuals with some technical training who want to enter the incident handling field. It is recommended for those computer security professionals with three or more years of experience in incident handling and/or equivalent security-related experience.

Requirements for earning certification

Completion of a three-course sequence from the Software Engineering Institute (SEI) or its licensees (SEI Partner Network):

Information Security for Technical Staff (5 days) or Advanced Information Security for Technical Staff (5 days)
Fundamentals of Incident Handling (5 days)
Advanced Incident Handling (5 days)

Advancement Placement- Attendance credit may be awarded to an individual for the Information Security for Technical Staff (5 days) course by having one of the following current certifications:

Security+ Certification (CompTIA)
GIAC Security Essentials –GSEC (SANS Institute)

Three (3) or more years of experience in incident handling in a technical and/or management role within seven (7) years of submission of the Certification Application. You will need to provide a detailed resume listing experiences. (See the CSIH FAQ for more details on experience that meets the criteria for application.)

Submission of the Certification Application package:
- Completed Certification Application
- Completed resume detailing work experience in the incident management field
- Completed Certification Recommendation Form signed by your current manager
- A $200 (US) payment (made payable to the Software Engineering Institute) to be applied toward the certification examination fee ($150) and the non-refundable processing fee ($50)
Successful completion of the application review by the SEI

Passing the certification examination

Who should apply

incident handling professionals
CSIRT technical staff
system and network administrators who have incident handling experience
trainers and educators in the incident handling field
individuals who wish to enter into the field of incident handling and who have requisite technical training and experience

Benefits of the CERT-Certified Computer Security Incident Handler Certification

Obtaining a CSIH certification provides you with the foundation knowledge and skills to be highly successful as a leader or member of a computer security incident response team.

The certification provides you with

a methodology for performing incident management tasks and activities
best practices for effectively handling computer security incidents
a framework for evaluating your teams operations and implementing process improvements
confidence in your abilities to work efficiently and effectively in a CSIRT

Upon completion of the CSIH certification you will

be recognized as a Computer Security Incident Handler professional by the Software Engineering Institute's CERT program and your peers in the global incident handling community
be able to demonstrate that you have attained knowledge specifically focused on computer security incident handling activities
be trained to handle diverse aspects of incident management ranging from using technical expertise to prepare for, detect, analyze, and respond to security events to applying best practices in operating a team
have achieved the knowledge, skills, and abilities to be a highly successful security professional

Once you have received certification, you will be sent an SEI Welcome Packet that will include access to an SEI members-only web site, CERT-certified logo, and special benefits offered only to CERT-certified professionals.

Certification renewal

The purpose of certification renewal is to ensure that as a CERT-certified professional you maintain a continuous level of knowledge by enhancing and improving the skills you demonstrated when you originally completed the certification process. This renewal requirement is intended to encourage professionals to remain current with the latest computer security attack trends, resolution and mitigation strategies, to continue to learn about improved incident handling tools, and to keep abreast of CSIRT best practices, processes, and standards.

Certifications are valid for three (3) years from the award date and expire on the last day of the month in which you were certified.
Renewal involves continuing education or professional experience as measured by a Professional Development Unit obtained by participating in qualifying events equal to 60 PDUs. See the Certification Renewal page for more details.
If you do not renew, your certification will lapse and the SEI will retire your certification. To be reinstated, you will need to reapply via the Certification Application.

For additional information about the CSIH certification program, please consult our FAQ.

General Information

Certification Forms

Last updated July 9, 2008