Computer Security Incident Response Certification

Computer Security Incident Response Certification
Page content

About CSIR and the Certification

CSIR stands for Computer Security Incident Response.

The computer security incident response certification was created by the Computer Emergency Response Team (CERT) for certifying incident handling professionals. Since networks and communications (see image) are vulnerable to security incidents, CERT has come forth with the incident-response certification to acknowledge those with expertise in handling incidents. In short, this certification reaches out to a community of experts who have knowledge of trends and solutions to overcome computer-security threats by preventing future incidents. Once certified, individuals are able to practice incident response and handling in their career.

The incident-response certification will provide various computer security practices to individuals. Today, this certification fulfills a requirement for DoD Information Assurance personnel–as per the US DoD new directive (8570.1M). The same type of provision may also apply soon for all US Federal government employees who work in the computer security field.

Benefits: The benefits of the computer security incident response certification is to recognize people who have the knowledge of what it takes to analyze incident data so that they can recognize and respond to security risks and threats.

Certification Requirements

To be certified, candidates must pass four courses (see the next section) and have taken a fifth course in one of the following topics: computer forensics, intrusion detection or security audits.

“In addition to the coursework, candidates much have three years experience in incident handling, either in management or on the technical side. The candidate also needs a letter of recommendation from a manager. And candidates must pass a test administered by the Software Engineering Institute.” [1]

To be certified means a person has sufficient knowledge and skill in computer and network security when it comes to incident handling. It also means they know how to overcome intrusions and vulnerabilities and are able to find solutions to such problems.

Once certified as incident-response handler, the certification lasts for only 3 years, after which it will expire. Therefore, to remain certified, candidates will have to apply for the CSIH Certification Renewal. (The application fee for renewal is $150 USD.)

Throughout the duration of the certification, it is best to stay up-to-date on the latest network security risks and threats; therefore, it may be wise to attend periodical network security awareness trainings.

Program, Courses, and Exam

The CERT organization has created its first certification program, the Certified Computer Security Incident Handler (CSIH), which is specifically for incident handling professionals (or those of whom have experience), trainers and educators. It is intended for those computer security experts, educators, and trainers who already have experience in incident handling. The CSIH certification program can be earned from the Software Engineering Institute (SEI) at Carnegie Mellon University. Interested candidates must submit the Certification Application, the Certification Recommendation Form, and send in a current resume.

The courses for the certification are as follows: (1) Fundamentals of Incident Handling, (2) Advanced Incident Handling, (3) Information Security for Technical Staff, and (4) Advanced Information Security for Technical Staff. Details about the courses (topics, prerequisites, and materials), dates and schedule, as well as course fees, can be found at the SEI Web site.

Note: SEI’s CERT Virtual Training Environment ( provides online courses. (Check out the SEI eLearning Portal too.)

As part of the incident-response certification, an exam must be taken. The exam consists of 46 multiple choice questions and one essay question. A score of at least 80% is required to pass. Individuals are allotted 3-hours to complete the exam. Examination Fee: $499 (USD). (That price covers the cost to take the examination to become certified.)

Job Outlook

Protecting computer systems against vulnerabilities and attacks is critical, so there is a growing demand for computer security, networking and Internet professionals to respond to computer security incident reports and activities. Their expertise can help mitigate against future threats because they perform three valuable functions: incident reporting, incident analysis, and incident response.

Potential jobs for those who obtains CERT’s CSIR certification are…

  • Network Intelligence Analysts
  • Cyber Security Incident Responders
  • Information Assurance Engineers
  • Information Technology Risk and Security Managers

Note: Jobs may require professional certification, along with related work experience, to be adequate for some positions.

In summary, job prospects should be excellent in the near future for CSIR professionals. Work experience and expertise, most importantly, certification will likely improve an applicant’s chances for employment.