Article

CERT creates incident-response certification

Edward Hurley, SearchSecurity.com News Writer

The Computer Emergency Response Team (CERT) is coming out with its first security certification, one aimed at helping companies deal with incident response and handling.

Perhaps few organizations are better suited to offer a Certified Computer Security Incident Handler certification than CERT, which is based at Carnegie Mellon University in Pittsburgh. The group is an independent clearinghouse of information about security vulnerabilities.

To complete the certification, candidates must pass four courses on a range of topics offered by the university's Software Engineering Institute, which manages CERT. One course focuses on creating a computer security incident-response team. Another focuses on managing such teams. Fundamental and advanced incident-handling courses are also required.

A fifth elective course on one of three topics -- computer forensics, intrusion detection or security audits -- can be taken at any accredited institution.

"We have offered courses on the subject for years," said Barbara Laswell, technical manager of practices, training and development at the institute. "We decided it was time to wrap a certification [around] it."

The certification is specific, but it should have broad appeal, Laswell said. For example, it's advanced enough for IT professionals already engaged in incident response. It is a good start for people wanting to implement incident-response teams at their companies. It would also be beneficial

    Requires Free Membership to View

for smaller companies that don't have the resources for a full incident-response team and have only one person handling the duties, she said.

In addition to the coursework, candidates much have three years' experience in incident handling, either in management or on the technical side. The candidate also needs a letter of recommendation from a manager. And candidates must pass a test administered by the Software Engineering Institute.

CERT's certification is a sign of things to come, as security becomes more specialized, said Peter Gregory, a consultant with the Woodinville, Wash.-based HartGregory Group. "I have seen that trend over the last year," he said.

Specifically, incident response is an area companies need to pay more attention to, Gregory said. Companies need to have people who can preserve forensic evidence but also get systems back up and running, he said.

"Only time will tell how good a job CERT will do administering the certification," Gregory added. "But CERT has a very good reputation, given its long-term participation in the security community."

FOR MORE INFORMATION

SearchSecurity.com news exclusive: "Cert Spotlight: CISSPs 'know' security"

SearchSecurity.com news exclusive: "Climate elevates the importance of security certifications"

SearchSecurity.com online event: "Security certifications: What they are, and why you need them"

SearchSecurity.com expert advice: "CISSP Common Body of Knowledge"

FEEDBACK: How likely are you to pursue a specific security certification like the one offered by CERT?
Send your feedback to the SearchSecurity.com news team.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: