GIAC Certified Incident Handler (GCIH) Certification

What is the GCIH certification?
The GIAC Certified Incident Handler (GCIH) certification is an IT/IS security credential aimed at demonstrating an individual’s proficiency and understanding in detecting, responding to and resolving computer security incidents in a corporate environment. GIAC was founded by the SANS Institute (a private U.S. company) back in 1999. While the two entities are related and therefore work closely together, candidates are not required to undergo SANS training in order to take the GCIH exam.
Who is the GCIH certification for?
The GCIH certification is aimed at IT professionals who wish to demonstrate proficiency and understanding of typical threats to enterprise systems and networks. Employees who would benefit from gaining the GIAC GCIH certification are likely to have (or wish to seek) job roles that require the knowledge and skills to manage security incidents, understand common attack techniques and attack tools, and defend against and respond to such attacks as and when they happen.

According to sources such as, there can be anything up to a US$100,000 spread in salary for GCIH certification holders depending on their job title. Anything from US$50,000 to US$150,000 can be expected in the roles where a GCIH certification complements the holder’s day-to-day job activities. Typical job titles for GCIH-qualified professionals include:
  • Information Security Analyst
  • Security Engineer
  • Information Security Manager
  • Network/Firewall Administrator
Are there any prerequisites to the GCIH certification?
There are no special prerequisites for candidates wishing to take the GCIH exam.
What does the GCIH exam cover?
There are 25 specialist domains covered in the exam, including topics such as:
  • Backdoors and Trojan Horses
  • Denial of Service Attacks
  • Exploiting Systems
  • Incident Handling
  • IP Address Spoofing
  • Network Sniffing
  • Password Attacks
  • Rootkits
  • Scanning
  • Worms, Bots and Bot-Nets, etc.
For a full list of topics potentially covered in the exam, click here.
How do I earn the GCIH certification?
Candidates wanting to earn the GCIH certification need to pass one exam which consists of 150 multiple-choice questions. The time allocated to complete the exam is 4 hours. The passing score for the GCIH exam is 72%.

The exam is ‘open book’, meaning that candidates may bring any printed notes, textbooks and other similar material into the testing facility with them (keep in mind, though, that there might be limited desk or working space in the testing area). Electronic devices such as smartphones, tablets, USB drives or similar devices are not permitted in the testing area. Candidates will not be permitted access to searchable files such as Word documents, PDFs and the like, or open Internet access.
How much does the GCIH exam cost?
The GIAC Certified Incident Handler (GCIH) exam costs US$1049. The fees must be paid up front and the candidate has 120 days from the approval of their application to take the exam.
Where can I take the GCIH exam?
GCIH exams are proctored through Pearson VUE testing facilities worldwide. Always check ahead with your nearest testing facility to ascertain current exam costs and availability of the GCIH exam.

Before scheduling an exam date, candidates will need to register an account with SANS/GIAC.
GCIH recertification requirements
The GCIH credential is valid for 4 years. Candidates can keep their credential valid by either retaking the GCIH exam or by earning 36 CPE (Continued Professional Education) points in the final two years of their credential life cycle. CPE points can be earned in a variety of ways, including (but not limited to):
  • Work Experience
  • Official Training Courses
  • Seminars
  • Teaching or Mentoring
  • Writing Papers
  • Self-Study Courses
A US$399 certification renewal fee is also payable every 4 years. Full information about the GCIH renewal process can be found here.