Gcih Certification Guide A Comprehensive Guide To Gcih Certification Hermans
akinwatanaid90
May 14, 2025
1. Introduction to GCIH Certification
In the rapidly evolving landscape of cybersecurity, one of
the most challenging aspects for organizations is to deal
effectively with security incidents. From ransomware attacks
that can cripple business operations to data breaches that
can leak confidential information, security incidents are
diverse, complex, and often unpredictable. Therefore,
incident handling, which is the practice of preparing for and
responding to these types of incidents, has become an
indispensable aspect of cybersecurity. It is within this
context that the GIAC Certified Incident Handler (GCIH)
certification has gained prominence. The GCIH certification
serves as a critical benchmark for skills and knowledge in
this highly specialized field.
Objective of this Chapter
This chapter aims to introduce you to the world of GCIH
certification, to help you comprehend its value, understand
its structure, and effectively prepare for the exam. The
chapter is divided into several sections:
1.1 Understanding the GCIH Certification
This section will delve into the specifics of what GCIH is,
including the skills and knowledge areas that it covers. You
will get a comprehensive view of how this certification is
structured and what it means to be a GCIH certified
professional.
1.2 Why Pursue GCIH Certification?
Here, we will explore the benefits of obtaining the GCIH
certification. From career advancement to increasing your
credibility in the cybersecurity community, this section will
provide you with compelling reasons to consider getting
certified.
1.3 Overview of the GCIH Exam
A crucial part of achieving this certification involves passing
the GCIH exam. This section will offer a concise overview of
what to expect from the exam, including its format, scoring
mechanisms, and general guidelines.
1.4 Preparing Effectively for the GCIH Exam
The final section of this chapter will arm you with effective
strategies for preparing for the GCIH exam. From
recommended reading materials to practical labs, we'll
cover a range of resources that can help you prepare and
succeed.
1.1. Understanding the GCIH Certification
The Global Information Assurance Certification (GIAC)
Certified Incident Handler (GCIH) is a professional
certification that focuses on equipping individuals with the
skills, knowledge, and competence required to handle and
respond to security incidents effectively. This certification is
offered by GIAC, an entity renowned for providing a wide
array of cybersecurity certifications that adhere to the
highest standards of quality and rigor. The GCIH certification
stands out as a highly specialized qualification tailored to
the specific needs of incident response teams, IT security
officers, and other cybersecurity professionals tasked with
responding to security incidents.
History and Evolution
Before diving into the intricacies of the GCIH certification,
it's essential to understand its historical context. The GCIH
certification came into existence to address a growing need
for specialized skills in incident handling. As the
cybersecurity landscape evolved and threats became more
sophisticated, organizations started recognizing the
importance of having dedicated personnel trained in
handling incidents. The GCIH certification was developed to
create a standardized benchmark for skills and knowledge in
this field. Since its inception, it has undergone several
revisions to keep up with the ever-changing threat
landscape and technological advancements.
Purpose and Objective
The primary purpose of the GCIH certification is to provide a
standardized assessment that verifies an individual's ability
to handle and respond to computer security incidents in a
professional environment. The objectives are twofold:
1. Skill Validation: It serves as a tool for individuals to
validate their skills in handling incidents, from initial
identification to closure. This includes a broad
spectrum of skills, from technical aspects like intrusion
detection and malware analysis to administrative
facets like incident classification and documentation.
2. Career Advancement: The GCIH certification is often
a prerequisite for roles focused on incident handling
and response. The certification also opens doors for
career advancement, as organizations actively seek
certified professionals to bolster their security teams.
Scope and Domain Coverage
The GCIH certification covers a variety of domains essential
for effective incident handling. Some of the key domains
include:
1. Incident Response and Handling: Understanding
the entire life cycle of incident response, from
preparation and identification to containment,
eradication, recovery, and lessons learned.
2. Understanding of Cyber Threats: Knowledge about
the different types of cyber threats like malware,
phishing, and advanced persistent threats, and how
they can affect an organization.
3. Legal Issues: Awareness of the legal implications
involved in incident handling, including evidence
gathering and reporting requirements.
4. Forensic Analysis: Basics of both network and host
forensics to identify the source and impact of security
incidents.
5. Attack Techniques: Familiarity with common attack
vectors, tools, and techniques used by attackers.
6. Threat Intelligence: Understanding of threat
intelligence to aid in proactive identification of
potential security incidents.
7. Tool Familiarity: Proficiency in using various tools
used in incident detection and response, such as
Security Information and Event Management (SIEM)
solutions, Intrusion Detection Systems (IDS), and
forensics tools.
Exam Structure
The GCIH exam is a comprehensive assessment designed to
evaluate your understanding of the domains mentioned
above. It is typically a timed, proctored exam consisting of
multiple-choice questions. While the exam primarily tests
your theoretical understanding, the questions are often
designed to assess practical knowledge and the application
of concepts in real-world scenarios.
Prerequisites and Eligibility
The GCIH does not have strict prerequisites, but a
background in information security and some real-world
experience is highly recommended. People who benefit the
most from this certification are usually in roles such as
Security Analyst, Incident Responder, or Security
Administrator, where they have some exposure to incident
handling tasks. However, beginners with a strong theoretical
understanding and hands-on lab experience may also
pursue this certification to validate their skills and
knowledge.
Preparing for the GCIH
Preparation for the GCIH exam is a critical aspect of
achieving this certification. It's advisable to combine
multiple learning resources, such as the official courseware
provided by GIAC, online tutorials, practice exams, and
hands-on labs to build the necessary skills. Forums,
webinars, and study groups can also provide valuable
insights and tips for exam preparation.
Credibility and Recognition
The GCIH is recognized globally and is often cited as one of
the must-have certifications for professionals in the incident
handling and response domain. Organizations such as
government agencies, financial institutions, and healthcare
providers look favorably upon candidates who hold a GCIH
certification, recognizing it as a mark of competence and
expertise in the field.
Recertification and Continuing Education
Like many professional certifications, the GCIH is not a one-
time achievement. GIAC mandates periodic recertification to
ensure that certified professionals keep up to date with the
latest trends and technologies in the field. This usually
involves earning Continuing Professional Education (CPE)
credits through activities like attending workshops,
publishing articles, or taking up additional certifications.
Final Thoughts
Understanding the GCIH certification involves more than just
knowing what the acronym stands for. It's about recognizing
the certification's role in the broader context of
cybersecurity, understanding its scope and objectives, and
being aware of how it can serve as a valuable asset in your
career development. As cyber threats continue to evolve
and grow in complexity, the importance of skilled incident
handlers will only increase, making the GCIH certification
more relevant than ever. Therefore, for anyone looking to
specialize in the challenging yet rewarding field of incident
handling and response, the GCIH certification serves as an
excellent starting point.
1.2. Why Pursue GCIH Certification?
The question of why one should pursue the GCIH (GIAC
Certified Incident Handler) certification is particularly
relevant in a landscape teeming with various other
cybersecurity certifications. The decision to invest time,
effort, and money into this certification should be well-
informed and strategically aligned with one’s career
objectives and personal development goals. In this section,
we’ll explore the myriad reasons that make GCIH a sought-
after certification for professionals engaged in the field of
cybersecurity, specifically in the realm of incident handling
and response.
Career Advancement and Marketability
One of the most straightforward reasons for pursuing any
professional certification is career advancement. A GCIH
certification demonstrates that you possess a standardized
level of expertise and practical knowledge in incident
handling, one of the most critical aspects of cybersecurity.
In the highly competitive job market of today, employers are
increasingly seeking professionals who not only have
theoretical knowledge but can also apply it in real-world
scenarios. Holding a GCIH certification is often a
requirement for roles like Security Analyst, Incident
Responder, and IT Security Manager, among others. It
significantly boosts your resume and sets you apart from
professionals who might not have any specialized
credentials.
Skill Validation and Personal Development
The process of preparing for and passing the GCIH exam can
be a rewarding experience in itself. It provides a structured
framework for learning that covers the entire gamut of
incident response activities. Whether it is understanding the
various types of incidents, identifying them, learning the
steps for containment, or the documentation and legal
aspects of incident handling, the certification journey
enables a holistic understanding of the subject matter. It
helps validate your skills and fills in knowledge gaps,
ultimately contributing to your personal and professional
development.
Meeting Industry Standards
The cybersecurity field is fast-evolving, and professionals
need to keep up with the latest trends, tools, and best
practices. The GCIH certification ensures that you are
aligned with industry standards. Given that the certification
body, GIAC, is a well-recognized and respected entity, their
certifications are designed to meet and often exceed current
industry standards. By obtaining this certification, you send
a clear message to employers, peers, and clients that you
are committed to following high standards in your
professional work.
Salary Boost
Multiple surveys and reports indicate that certified
professionals in the field of cybersecurity tend to earn
higher salaries compared to those without any certifications.
The GCIH certification is no exception. Given the specialized
nature of incident handling, organizations are willing to
invest in hiring skilled personnel who can effectively
manage and mitigate security incidents, thereby preventing
financial losses and reputation damage. A GCIH certification
could be your ticket to a salary hike or a more lucrative job
offer.
Peer and Community Recognition
Being a GCIH certified professional often brings with it a
level of peer recognition. As part of your preparation and
even after certification, you will likely engage with a
community of like-minded professionals who are either GCIH
certified or are aspiring to be. These platforms—be they
online forums, social media groups, or professional
networking sites—offer opportunities for knowledge sharing,
problem-solving, and professional networking. The
recognition you gain within this specialized community can
be gratifying and open doors to opportunities you might not
have even been aware of.
Vendor-Neutral Skillset
One of the highlights of the GCIH certification is that it is
vendor-neutral. This means that the skills and knowledge
you acquire are applicable across a variety of tools,
platforms, and technologies, unlike vendor-specific
certifications, which might pigeonhole you into a particular
product or solution. The vendor-neutral aspect enhances
your adaptability and versatility in a field that is continually
evolving.
Credibility in Client Engagements
If you are in a role that requires client interactions, being a
GCIH certified professional can boost your credibility
manifold. Clients and stakeholders often feel more
comfortable knowing they are dealing with someone who
has verified expertise. This can be particularly beneficial for
consultants, auditors, and anyone in a client-facing role.
Preparing for Leadership Roles
Incident handling isn’t just about dealing with technical
aspects like intrusion detection systems, firewalls, and
malware analysis. It also involves managerial aspects like
team coordination, strategic planning, and reporting. The
broad knowledge base that the GCIH certification covers
prepares you for leadership roles within your organization.
Filling a Growing Demand
Cyber threats are escalating both in volume and
sophistication. The frequency of high-profile incidents like
data breaches and ransomware attacks has led to a growing
demand for skilled incident handlers. Organizations need
people who can not only respond effectively to these
incidents but also take proactive measures to minimize
future risks. A GCIH certification demonstrates your
competence in this growing and vital field.
International Recognition
The GCIH certification is internationally recognized and is as
respected in North America as it is in Europe, Asia, or any
other part of the world. Cybersecurity is a global concern,
and the skills you acquire through GCIH certification are
universally applicable. This global recognition expands your
job market and career prospects considerably.
Compliance and Regulatory Requirements
Various compliance frameworks and regulations, like GDPR
in Europe or HIPAA in the United States, necessitate
organizations to have proper incident response capabilities.
Being GCIH certified could make you an asset for
organizations looking to meet these compliance
requirements, giving you a competitive edge in job selection
processes.
Recertification and Skill Updation
The field of cybersecurity is continuously evolving. The GCIH
certification requires recertification, ensuring that you are
committed to continuous learning and skill updation. This
requirement not only keeps your knowledge fresh but also
aligns with the expectation for professionals to evolve with
their field.
Conclusion
In summary, the decision to pursue GCIH certification should
be a calculated one, based on various factors ranging from
career growth and skill validation to filling the demand gap
and earning potential. As organizations worldwide grapple
with an ever-increasing range of cyber threats, the need for
certified, skilled, and versatile incident handlers is not only
apparent but growing. With its wide-ranging benefits, the
GCIH certification equips you to be on the frontline of this
battle, making you an invaluable asset to any organization.
The certification does not just represent a line on your
resume but signifies a dedication to excellence, a mastery
of critical skills, and a commitment to staying abreast of
industry standards and best practices. Therefore, if you're
considering a career in incident handling or looking to
advance in your current role, the GCIH certification offers a
compelling array of reasons to take the plunge.
1.3. Overview of the GCIH Exam
As you embark on your journey toward achieving the GCIH
(GIAC Certified Incident Handler) certification, it's crucial to
have a detailed understanding of what the certification
exam entails. This section aims to provide an in-depth
overview of the GCIH exam, breaking down its structure,
content domains, question formats, and other critical details
you must be familiar with to strategize your preparation
effectively.
Exam Structure
The GCIH exam is a proctored test comprising 150 multiple-
choice questions. Candidates are given a total of four hours
to complete the exam. Unlike exams for some other
certifications, the GCIH exam has no lab component;
however, it requires practical knowledge to answer
scenario-based questions effectively. The exam is taken on a
computer and is administered through Pearson VUE testing
centers, which are located worldwide.
Content Domains
The exam covers a range of topics divided into various
content domains. These domains encompass all the key
aspects of incident handling and response, and a strong
understanding of these areas is essential for exam success.
Some of the significant content domains include:
1. Incident Handling Fundamentals: This domain
covers the basic concepts and processes that form the
foundation of incident handling. Topics such as the
Incident Response Process, roles and responsibilities,
and communication during an incident fall under this
domain.
2. Threats and Attacks: This domain focuses on the
different types of cyber threats, including malware,
ransomware, and phishing. It also covers various attack
vectors and techniques employed by adversaries.
3. Vulnerabilities and Exploits: This domain is devoted
to understanding the various vulnerabilities that can be
exploited in a cyberattack. It also covers methods used
by attackers to exploit these vulnerabilities and the
tools they employ.
4. Network and Host Forensics: This section delves
into the techniques and tools for conducting network
and host-based forensics during and after an incident.
It involves understanding logs, analyzing network
traffic, and examining compromised hosts.
5. Incident Detection and Analysis Tools: In this
domain, candidates learn about tools like Security
Information and Event Management (SIEM), Intrusion
Detection Systems (IDS), and Endpoint Detection and
Response (EDR) solutions, which are critical in
detecting and analyzing security incidents.
6. Incident Response and Handling: This domain
covers the practical steps involved in responding to an
incident, including triage, containment, eradication,
and recovery.
7. Legal and Ethical Considerations: This section
addresses the legal issues surrounding incident
handling, such as chain of custody, evidence handling,
and data protection laws.
Question Formats
The GCIH exam questions are designed to assess both
theoretical understanding and practical application.
Multiple-choice questions are the most common format, but
the exam also includes scenario-based questions that
simulate real-world situations. These questions are often
challenging and require a deep understanding of the subject
matter to answer correctly.
Passing Score
The minimum passing score for the GCIH exam varies
slightly, depending on the version of the exam, but it
generally hovers around 73%. Your score will be
immediately available upon completion of the exam,
allowing you to know right away whether you've earned the
certification. However, the certification itself will be mailed
to you several weeks later.
Open-Book Format
Unlike many other certification exams, the GCIH exam is
open-book. You are allowed to bring printed materials and
notes to the testing center, but electronic devices like
smartphones, tablets, and laptops are strictly prohibited.
While the open-book format may seem to ease the exam’s
difficulty, it’s crucial to remember that time is limited.
Efficiently navigating your reference materials under time
constraints requires preparation and strategy.
Exam Fees
The cost of the GCIH exam is usually bundled with the
training course offered by GIAC, but you can also choose to
take the exam separately. As of January
2022, the exam fee alone was $1,999. Always check the
most recent pricing details as these are subject to change.
Retake Policy
If you don't pass the GCIH exam on your first attempt, you
will have to wait for 30 days before you can retake it.
Additional fees apply for retakes. It's crucial, therefore, to be
as prepared as possible to avoid the cost and delay
associated with a retake.
Exam Eligibility and Pre-requisites
There are no mandatory prerequisites for taking the GCIH
exam. However, it's recommended to have a good
understanding of general cybersecurity concepts and some
hands-on experience in incident handling or a similar field.
Some candidates opt to take the official SANS training,
SEC504: Hacker Tools, Techniques, Exploits, and Incident
Handling, although this is not a requirement.
Preparation Resources
A variety of resources are available to help candidates
prepare for the GCIH exam. These include official training
courses, textbooks, online forums, and practice exams. GIAC
also provides an exam outline and a list of recommended
readings to help candidates focus their study efforts.
Time Management
Since you only have four hours to complete 150 questions,
time management is critical. Practicing with timed mock
exams can help you gauge how much time to allocate to
each question and how to efficiently search through your
reference materials, if needed.
Conclusion
Understanding the GCIH exam in its entirety is a
fundamental step in your certification journey. With a clear
grasp of its structure, content domains, and question
formats, you can develop a study strategy that targets your
weak areas while reinforcing your strengths. Furthermore,
being aware of logistical elements like the retake policy,
exam fees, and time management considerations will help
you approach the exam with confidence and poise. In an
ever-evolving landscape of cybersecurity threats, a GCIH
certification can be your cornerstone in becoming a skilled
and proficient incident handler. Knowing what to expect in
the exam is the first step in that direction.
1.4. Preparing Effectively for the GCIH Exam
Achieving a GCIH (GIAC Certified Incident Handler)
certification is no small feat; it necessitates dedicated
preparation, a keen understanding of the subject matter,
and effective utilization of various resources and strategies.
In this section, we will delve into the most effective
techniques, tools, and best practices to prepare for the GCIH
exam.
Start Early and Make a Study Plan
The first step in preparing for the GCIH exam is to start as
early as possible. Given the extensive curriculum and the
need for practical understanding, starting several months
before your exam date will allow you to cover all the topics
adequately. Create a comprehensive study plan that
outlines what topics you'll cover each week, carving out
daily or bi-weekly study sessions.
Your study plan should be a live document that you adjust
according to your pace and understanding of the subjects. If
you find that you've understood one topic quicker than
anticipated, consider diving deeper into it or moving ahead
to the next section. Conversely, if you find that a particular
area is more complex than you thought, don't hesitate to
adjust your study plan to allocate more time to it.
Identify Your Learning Style
Everyone has a unique learning style. Some individuals are
visual learners, others are auditory learners, and some
prefer a more hands-on, practical approach. Understanding
your learning style can significantly impact how efficiently
you grasp and retain information.
● Visual Learners: If you're a visual learner, you might
benefit from watching video tutorials, using flashcards,
or creating diagrams to understand concepts better.
● Auditory Learners: If you prefer learning through
listening, consider utilizing podcasts, audiobooks, or
even recording yourself explaining concepts and
listening to them later.
● Kinesthetic Learners: If you are a hands-on learner,
consider setting up a home lab to practice incident
handling tasks. This practical experience will be
invaluable in understanding the nuances of incident
response.
Leverage Various Resources
A multitude of resources are available for GCIH exam
preparation:
1. Official Training: The official SANS training course
(SEC504) is a valuable resource but often comes with a
hefty price tag. If you can afford it, it's highly
recommended.
2. Books and Study Guides: There are various books
and study guides specifically designed to cover the
GCIH exam content. Make sure to pick the most up-to-
date versions.
3. Online Forums and Communities: Websites like
Reddit and cybersecurity-focused forums often have
dedicated threads and user experiences that can offer
unique perspectives and tips.
4. Practice Exams: Practice exams are crucial in gauging
your exam readiness. GIAC offers two practice exams
as part of the exam fee, and it's wise to use them as
benchmarks.
5. Peer Study: If possible, engage in group studies.
Explaining complex topics to peers can be an excellent
way to test your understanding.
Practice, Practice, Practice
Given that the GCIH exam includes a significant number of
scenario-based questions that test practical understanding,
hands-on practice is indispensable. Set up virtual labs to
simulate different types of incidents, from malware
infections to insider threats, and practice how you would
handle them.
Master Time Management
Time management is a crucial factor, not just in your
preparation but also when taking the exam. During your
study sessions, simulate exam conditions by setting a timer
and going through a set number of questions. This practice
will help you get a feel for how quickly you need to move
during the actual exam to complete all the questions.
Make Summary Notes and Cheat Sheets
The GCIH exam is open book, meaning you can bring in
printed materials. Utilize this opportunity by creating
summary notes, cheat sheets, or quick reference guides.
These can help you quickly locate critical information during
the exam, saving valuable time.
Consider the GCIH Objectives
GIAC provides a detailed list of exam objectives. This list is
your best friend throughout your study journey. Use it as a
checklist to ensure you've covered all areas and understand
the scope and depth you need to reach in each subject.
Take Breaks and Rest
As crucial as studying is, don't underestimate the
importance of taking regular breaks and getting enough
rest. Overloading yourself can lead to burnout and
decreased performance. Adopt techniques like the
Pomodoro Technique to ensure that you take short breaks
during study sessions to relax your mind.
Self-Assessment and Review
Regularly assess your readiness through practice exams and
quizzes. Focus particularly on the questions you got wrong
and understand the concepts behind them. This continuous
self-assessment and adjustment of your study plan will keep
you on the right track.
Simulate Exam Day Conditions
A week or so before the exam, try to simulate the conditions
you'll face on the exam day. If you're going to use reference
materials, practice locating information from them quickly.
Simulate the exam timing, the environment, and even the
kind of attire you'll wear to see how comfortable you are.
The more you can replicate the exam day, the less stressful
the real situation will be.
Conclusion
Preparation for the GCIH exam is a journey that requires
thoughtful planning, dedicated study, and strategic
utilization of various resources. Whether you're new to the
field of incident handling or a seasoned professional looking
to validate your skills, the road to GCIH certification is paved
with opportunities to deepen your understanding and
sharpen your practical skills. By adhering to a structured
study plan, identifying your learning style, leveraging a
variety of study resources, and maintaining a healthy study-
life balance, you'll not only increase your odds of passing
the exam but also gain valuable knowledge that will serve
you well in your cybersecurity career.
2. Incident Handling Fundamentals
In the ever-evolving landscape of cybersecurity, incident
handling stands as a critical discipline that focuses on
detecting, responding to, and managing security incidents.
These incidents can range from a simple phishing attempt
targeted at a single employee to complex, multi-faceted
cyber-attacks aimed at compromising an entire
organization's infrastructure. Effective incident handling is
vital to minimizing the impact of such incidents and
restoring normalcy in the quickest time possible. As you
delve into this crucial subject, it's important to grasp its
fundamental aspects, from understanding what constitutes
an incident to the nuts and bolts of documenting and
resolving these disruptions.
The section on Incident Handling Fundamentals is designed
as a comprehensive primer for aspiring cybersecurity
professionals and a refresher for seasoned experts. By the
end of this section, you should have a strong foundational
understanding of the core elements of incident handling,
which are essential not just for passing the GCIH exam but
also for succeeding in real-world cybersecurity roles.
The section is broken down into the following key areas:
2.1 Incident Response Process
Understand the structured methodology for addressing and
managing the aftermath of a security incident. From
preparation to identification, containment, eradication,
recovery, and lessons learned, this segment provides a
holistic view of the entire incident response lifecycle.
2.2 Incident Classification and Prioritization
Learn about the importance of categorizing incidents
according to their severity, type, and impact on the
business. This understanding is crucial for determining the
level of response required and effectively allocating
resources.
2.3 Incident Handling Documentation
Delve into the documentation requirements during and after
an incident. Good documentation is not merely a
bureaucratic necessity; it is instrumental in analyzing the
incident, supporting forensic activities, and improving future
incident response efforts.
2.4 Legal and Ethical Considerations
Explore the legal and ethical landscape that incident
handlers must navigate. Incorrect or uninformed actions can
not only exacerbate the incident but also lead to legal
repercussions. Being aware of laws and regulations
surrounding cybersecurity is paramount.
Each of these areas plays a pivotal role in an organization’s
incident handling strategy and will be invaluable when you
are in the trenches, facing real-world security incidents.
Whether you're defending a small business or a large
enterprise, these fundamentals serve as the building blocks
upon which more advanced strategies and techniques are
built.
So, let's start the journey through the fundamental aspects
of incident handling, a skill set that's indispensable in
today's digital age. Whether you aim to pass the GCIH exam
or simply wish to sharpen your skills for your role in
cybersecurity, understanding these fundamentals is the key
to becoming an effective incident handler.
2.1 Incident Response Process
Incident response is a structured approach to handling and
managing the aftermath of a security breach or attack, also
known as an "incident." The objective is to handle the
situation in a manner that limits damage and reduces
recovery time and costs. It's an orchestrated effort to
manage how the situation evolves, not just to contain the
incident but also to provide mechanisms for longer-term
preventative actions.
The Incident Response Lifecycle
The Incident Response Process is often described as a
lifecycle. It's an iterative approach that can be broken down
into the following stages:
1. Preparation: This is all about establishing and
maintaining your incident response capability.
2. Identification: This involves detecting and
acknowledging the incident.
3. Containment: This is short-term containment (fixing
the immediate issue) and long-term containment
(system-wide fixes).
4. Eradication: Finding the root cause of the incident and
completely removing it.
5. Recovery: Restoring and validating system
functionality for business operations to resume.
6. Lessons Learned: Capturing lessons learned to
improve future response efforts.
Preparation
Preparation is about laying the groundwork. It’s much more
than just having an incident response plan; it’s about
establishing a robust incident response policy, developing a
well-trained incident response team, and equipping them
with the right tools and resources. It’s during this phase that
you establish the norms and rules of engagement, decide
the communication hierarchy, and prepare documentation
templates that will be used to capture details during an
incident. Drills and tabletop exercises are part of the
preparation, providing your team with the necessary
practice to respond effectively to an incident.
Identification
Identification starts with the effective detection of
anomalies or incidents. This involves continuous monitoring
of systems and networks and establishing baselines so that
anomalies can be detected more accurately. Once an
anomaly is detected, it has to be validated to ascertain
whether it's a legitimate incident requiring intervention or a
false positive that can be safely ignored. Logs, SIEM
solutions, and alerts all contribute to the identification
phase. Timely identification is crucial for limiting damage;
hence, 24x7 monitoring is often necessary for critical
business environments.
Containment
Once an incident is identified, the next immediate action is
containment. Containment can be categorized into short-
term and long-term:
● Short-term Containment: This is a tactical, quick-fix
solution to prevent the immediate spread of an incident.
It might involve isolating affected systems from the
network or disabling certain functions or services.
● Long-term Containment: This is a strategic action,
aiming to contain the incident across the organization
by applying patches, making configuration changes, or
updating policies across the board.
Both forms of containment are essential. Short-term
containment allows you to gain control of the situation
quickly, whereas long-term containment ensures that the
issue is fully resolved and will not reappear.
Eradication
After containment, the root cause of the incident needs to
be found and completely eradicated from the environment.
This might involve malware removal, system rebuilds, or
even a complete network architecture overhaul, depending
on the extent and nature of the incident. The eradication
phase often goes hand-in-hand with the collection of digital
evidence, especially if legal actions or compliance
requirements are to be met.
Recovery
The Recovery phase is about restoring and validating
system functionality for business operations to resume. It
involves monitoring the systems for any signs of
weaknesses that could be exploited again, and only when
the team is convinced that the threat has been neutralized,
is it considered safe to resume normal operations. Recovery
is a careful process and often involves multiple layers of
approval and validation, depending on the criticality of the
affected systems.
Lessons Learned
The Lessons Learned phase is a retrospective of the entire
incident, conducted after the recovery. All stakeholders
participate in this exercise to determine what could have
been done differently and to prepare for future incidents.
Insights gathered from this exercise often lead to updates in
the incident response policy, tweaking of monitoring alerts,
or even a change in the incident response team's
composition.
Interdisciplinary Nature of Incident Response
It's essential to understand that incident response isn't just
an IT function; it's interdisciplinary. It often involves Legal,
HR, PR, and Business Units coordinating with the IT team to
ensure an all-encompassing approach. For example, Legal
teams would be involved if there were a data breach
involving sensitive customer data, and PR would need to
manage the organizational image.
Real-Time Decision Making
Incident response is not just about following a set
procedure; it involves real-time decision-making. This
decision-making is based on the facts and data available at
that time and the expertise of the incident response team.
Sometimes, the team might have to deviate from the
established plan if it means better containment or quicker
recovery.
Importance of Communication
Clear and timely communication is critical throughout the
incident response lifecycle. Whether it's the incident
response team communicating among themselves or with
other stakeholders, a breakdown in communication can be
detrimental.
Conclusion
The Incident Response Process is a well-thought-out,
structured approach that aims to handle incidents in a
manner that minimizes damage and recovery time. It goes
beyond just technical solutions and involves organizational
planning, team coordination, real-time decision-making, and
post-incident retrospectives. It's a lifecycle that continually
evolves, feeding on past experiences to improve future
responses. It's not just about being reactive; the real goal is
to become proactive in identifying and mitigating risks
before they turn into incidents. For anyone preparing for the
GCIH exam or planning to be involved in incident handling,
understanding this process in depth is not just beneficial—
it's essential.
2.2 Incident Classification and Prioritization
As you navigate the labyrinthine world of cybersecurity,
understanding the concept of incident classification and
prioritization is indispensable. While all incidents merit
attention, they are not created equal. An organization's
ability to effectively deal with an incident hinges on how
well it is categorized and prioritized, thereby facilitating an
appropriate level of response. This crucial step can influence
not only the immediate actions taken but also the overall
time and resources dedicated to resolving the situation. This
section aims to dissect the intricacies involved in classifying
and prioritizing incidents effectively.
Why Classification Matters
The term "incident" is a catch-all that can mean anything
from a minor security infraction to a full-blown, crippling
cyberattack. If your organization faces a hundred alerts in a
day, treating all of them with the same level of urgency is
not just impractical but also dangerous. You could find your
incident response team bogged down by minor issues while
a more severe incident wreaks havoc on your systems.
Incident classification is an essential step that sorts
incidents based on various factors like the affected assets,
the type of attack, the threat level, and so on. This
categorization helps decision-makers to quickly understand
the incident's nature and the appropriate control measures
required.
Criteria for Classification
Incidents can be classified based on several criteria. Here
are some commonly used ones:
1. Type of Incident: This refers to the kind of event,
such as malware infection, DoS attack, unauthorized
access, or data exfiltration.
2. Affected Assets: Classification can depend on what is
affected—whether it's a critical server, a workstation,
or sensitive data.
3. Data Sensitivity: Incidents involving sensitive or
personally identifiable information (PII) are generally
treated with higher priority.
4. Business Impact: An incident affecting mission-critical
systems requiring immediate attention will be ranked
higher compared to an incident affecting non-essential
systems.
5. Regulatory Implications: Some incidents may
involve potential non-compliance with regulations like
GDPR, HIPAA, or PCI-DSS, requiring immediate
attention.
6. Threat Vector: The way an attack is executed—via
email, web, direct intrusion, etc.—can also be a
classification criterion.
7. Sophistication Level: Advanced Persistent Threats
(APTs) are usually categorized differently compared to
basic malware or phishing attacks.
The Prioritization Matrix
Once incidents are classified, they must be prioritized to
manage them effectively. Prioritization is about ranking the
incidents based on their potential or actual impact.
Many organizations use a Severity Matrix, sometimes also
called a Prioritization Matrix, to sort incidents. This matrix
often incorporates:
1. Impact on Business: High, Medium, Low
2. Urgency: Immediate, Soon, Later
3. Resource Availability: Available, Limited, None
Incidents that are high impact, require immediate attention,
and have available resources would be given the highest
priority.
Time-Sensitivity in Prioritization
An essential aspect of prioritization is the time factor. Some
incidents, such as ransomware attacks, are time-sensitive
and can escalate quickly if not addressed immediately. Such
incidents usually receive the highest priority because
delaying response could exponentially increase damage.
Balancing Prioritization
Prioritization is a balancing act. Organizations must weigh
the potential impact against the resource requirements for
containment and eradication. A low-impact, easily contained
incident might be addressed first to clear it off the list
quickly, enabling the incident response team to focus on
more severe incidents.
Real-world Scenarios
Let's consider some examples for clarity:
1. Scenario 1: Your organization receives phishing
emails. While these are potentially harmful, they are
also easier to contain. They may not require immediate
attention if, for instance, a ransomware attack is
happening simultaneously.
2. Scenario 2: Your core business application has some
unusual activity. This is mission-critical and affects
business continuity, so the priority is higher.
3. Scenario 3: There's a malware alert on a non-critical
system. However, upon inspection, you realize it's a
zero-day exploit. The immediate business impact may
be low, but the sophistication level propels it to a
higher priority.
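The severity matrix and the scenarios above can be expressed as a small triage routine. This is an added example, not material from the guide: the numeric weights, the P1 to P4 bands, the escalation rules for time-sensitive and sophisticated incidents, and the sample incident names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

# The three matrix axes named in the text; the numeric weights are assumptions.
IMPACT = {"Low": 1, "Medium": 2, "High": 3}
URGENCY = {"Later": 1, "Soon": 2, "Immediate": 3}
RESOURCES = {"None": 0, "Limited": 1, "Available": 2}

# Assumption: incident types that escalate quickly are forced to "Immediate".
TIME_SENSITIVE_TYPES = {"ransomware"}


@dataclass(frozen=True)
class Incident:
    name: str
    incident_type: str
    impact: str          # analyst's initial rating: Low / Medium / High
    urgency: str         # Later / Soon / Immediate
    resources: str       # None / Limited / Available
    sophisticated: bool = False   # e.g. zero-day or APT tradecraft observed
    regulated_data: bool = False  # e.g. PII under GDPR, HIPAA or PCI-DSS


def effective_axes(inc: Incident) -> Tuple[int, int]:
    """Apply the classification criteria on top of the initial ratings."""
    impact = IMPACT[inc.impact]
    urgency = URGENCY[inc.urgency]
    if inc.incident_type in TIME_SENSITIVE_TYPES:
        urgency = URGENCY["Immediate"]
    if inc.sophisticated:
        # Sophistication raises both axes by one step, capped at the maximum.
        impact = min(impact + 1, 3)
        urgency = min(urgency + 1, 3)
    if inc.regulated_data:
        impact = min(impact + 1, 3)
    return impact, urgency


def priority(inc: Incident) -> str:
    """Map impact x urgency (1..9) onto four priority bands."""
    impact, urgency = effective_axes(inc)
    score = impact * urgency
    if score >= 9:
        return "P1"
    if score >= 6:
        return "P2"
    if score >= 3:
        return "P3"
    return "P4"


def triage(queue: List[Incident]) -> List[Incident]:
    """Order the queue: highest score first, then best resource availability."""
    def sort_key(inc: Incident):
        impact, urgency = effective_axes(inc)
        return (-(impact * urgency), -RESOURCES[inc.resources], inc.name)
    return sorted(queue, key=sort_key)


# Constructed sample queue modelled on the three scenarios plus the
# simultaneous ransomware attack mentioned in Scenario 1.
SAMPLE_QUEUE = [
    Incident("phishing-wave", "phishing", "Medium", "Soon", "Available"),
    Incident("ransomware-fileserver", "ransomware", "High", "Soon", "Available"),
    Incident("core-app-anomaly", "unusual activity", "High", "Soon", "Available"),
    Incident("zero-day-on-kiosk", "malware", "Low", "Soon", "Limited",
             sophisticated=True),
]

if __name__ == "__main__":
    for inc in triage(SAMPLE_QUEUE):
        print(priority(inc), inc.name)
```
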
Challenges in Classification and Prioritization
One of the challenges is to keep everyone on the same
page. As incident classification and prioritization require
input from various organizational units (IT, Legal, Business,
etc.), having a centralized, well-documented approach is
essential. Inconsistencies in classification can lead to
confusion and delays in response.
Another challenge is to adapt to the changing landscape. As
new types of incidents emerge, the criteria for classification
and prioritization must evolve. Regular training sessions and
updates to the incident response plan are essential.
Importance in the GCIH Exam and Beyond
Understanding the principles of incident classification and
prioritization is not just essential for passing the GCIH exam
but also crucial in real-world applications. It allows
cybersecurity professionals to strategically manage
incidents, making efficient use of time and resources.
Conclusion
Incident classification and prioritization are vital
components in effective incident handling. They form the
basis on which the entire incident response activity is
planned and executed. A well-defined, scalable classification
and prioritization process can significantly improve the
effectiveness of an organization’s incident response
capabilities. It ensures that high-impact incidents are
addressed urgently and that resources are used optimally.
While the task is challenging, it is indispensable in today's
complex and ever-changing threat landscape. As a
cybersecurity professional, mastery over this process is
essential for both your performance in the GCIH exam and
your competence in real-world scenarios.
2.3 Incident Handling Documentation
In the complex world of cybersecurity, one often overlooked
but critical aspect of incident response is documentation.
Failing to adequately document your actions can lead to
legal complications, regulatory fines, and even hamper the
effectiveness of your incident response. Incident handling
documentation serves as a historical record, a legal
safeguard, and an invaluable resource for future incident
handling and training. In this segment, we will delve into
why documentation is essential, what it entails, and best
practices for maintaining thorough records.
The Importance of Documentation
Imagine a scenario where a major cybersecurity incident
occurs, like a data breach. The response team springs into
action, stopping the attack and restoring normal operations.
A couple of weeks later, a regulatory body requests all
incident-related records, and you realize there are none. Now,
not only is the organization vulnerable to legal
repercussions, but it also lacks critical data to prevent future
incidents. Herein lies the importance of documentation.
Legal Safeguard: In the eyes of the law, if it's not
documented, it didn't happen. Documentation serves as
evidence to demonstrate that you've followed industry best
practices and compliance requirements during and after an
incident.
Quality Assurance: Proper documentation enables a post-
mortem analysis, allowing you to learn from each incident. It
can show you where you did well and where your team
needs improvement.
Training Material: Detailed documentation can serve as
case studies for future employee training, improving overall
incident handling over time.
Knowledge Management: Over time, documentation can
serve as a knowledge base, helping to resolve similar
incidents faster.
Components of Incident Handling Documentation
So what should comprehensive incident documentation
include?
1. Incident Summary: A brief outline of the incident—
what happened, when it happened, and what was
affected.
2. Initial Indicators: Details of the initial signs that
prompted an investigation. It could be an alert from an
IDS/IPS, an abnormality in log files, or user reports.
3. Timeline: A meticulous chronology of the incident. It
should include when the incident was first detected,
when different team members were alerted, actions
taken, and the eventual resolution.
4. Incident Classification: Details about the
classification of the incident, as discussed in the
previous section.
5. Affected Systems and Data: A list of all systems,
applications, and data affected, along with the impact
assessment.
6. Response Actions: Detailed steps taken for
containment, eradication, and recovery, along with who
performed these actions and when.
7. Mitigation Strategies: Documentation of temporary
and permanent measures put in place to mitigate the
impact of the incident.
8. External Communications: Records of all
communications with third parties, be it customers,
regulatory bodies, or law enforcement agencies.
9. Lessons Learned: Summary of what the team learned
from handling the incident, along with
recommendations for future actions.
10. Evidence: Screenshots, logs, or other forms of
evidence collected during the investigation.
11. Escalation and Notification: Documentation of when
higher-ups or external bodies were notified, how, and
by whom.
12. Cost of the Incident: If possible, an estimate of the
financial impact, including man-hours spent, legal
costs, and any potential fines or compensation.
Best Practices
Real-Time Documentation: The most effective
documentation is done in real-time or as close to it as
possible. It ensures that no crucial detail is left out.
Standardized Templates: Having a pre-defined
documentation template ensures that all relevant details are
captured consistently.
Role-based Documentation: Assign specific
documentation tasks to different roles in your incident
response team. For instance, one person could be
responsible for capturing technical details while another
could focus on the business impact.
Secure Storage: Given that the documentation will contain
sensitive information, secure its storage and control access
strictly.
Data Integrity: Ensure that the documentation is
immutable. If edits are made, they should be appended
rather than overwriting existing information.
Regular Updates: As the incident evolves, update the
documentation to reflect new findings, actions taken, and
impact.
Compliance: Ensure that the documentation meets
regulatory and organizational standards. The document may
need to be ISO 27001 compliant or adhere to the NIST
framework, for instance.
Legal Review: Before finalizing, the documentation should
be reviewed by legal experts to ensure that it meets all
regulatory and legal requirements.
Format and Tools: Documentation can range from simple
text files to sophisticated incident management systems
that can integrate with other tools like SIEM (Security
Information and Event Management) systems. The choice
depends on the organization's needs, complexity, and
compliance requirements.
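One way to get the append-only, tamper-evident record described under Data Integrity and Real-Time Documentation is a hash-chained timeline in which corrections are new entries that point at the one they amend. This is an added example, not code from the guide; the class and function names, the entry fields, and the sample incident (ID, analysts, hosts) are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import List, Optional

# Lifecycle phases as listed in the Incident Response Process section.
PHASES = ("Preparation", "Identification", "Containment",
          "Eradication", "Recovery", "Lessons Learned")
GENESIS = "0" * 64  # prev_hash used by the first entry


def entry_digest(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of an entry without its hash."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class IncidentLog:
    """Append-only timeline: entries are added, never edited or removed."""

    def __init__(self, incident_id: str):
        self.incident_id = incident_id
        self._entries: List[dict] = []

    def append(self, actor: str, phase: str, action: str,
               when: Optional[datetime] = None,
               amends: Optional[int] = None) -> int:
        if phase not in PHASES:
            raise ValueError(f"unknown phase: {phase!r}")
        if amends is not None:
            if not 0 <= amends < len(self._entries):
                raise ValueError("amends must point at an existing entry")
            if self._entries[amends]["amends"] is not None:
                raise ValueError("amend the original entry, not a correction")
        body = {
            "seq": len(self._entries),
            "incident_id": self.incident_id,
            "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
            "actor": actor,        # who performed the action
            "phase": phase,
            "action": action,
            "amends": amends,      # seq of the entry this one corrects
            "prev_hash": self._entries[-1]["hash"] if self._entries else GENESIS,
        }
        self._entries.append(dict(body, hash=entry_digest(body)))
        return body["seq"]

    def export(self) -> List[dict]:
        """Copies of the entries, e.g. for archiving or review."""
        return [dict(e) for e in self._entries]


def verify_chain(entries: List[dict]) -> int:
    """Return the index of the first inconsistent entry, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("seq") != i or body.get("prev_hash") != prev:
            return i
        if entry_digest(body) != entry.get("hash"):
            return i
        prev = entry["hash"]
    return -1


def effective_timeline(entries: List[dict]) -> List[dict]:
    """Current view of the timeline: the latest correction wins, but the
    original entry stays in the log and is still covered by the chain."""
    latest = {}
    for e in entries:
        latest[e["seq"] if e["amends"] is None else e["amends"]] = e
    return [{"seq": seq, "phase": entries[seq]["phase"],
             "action": cur["action"],
             "amended_by": cur["seq"] if cur["seq"] != seq else None}
            for seq, cur in sorted(latest.items())]


def build_sample_log() -> IncidentLog:
    """Constructed sample incident with fixed timestamps."""
    def at(minute: int) -> datetime:
        return datetime(2025, 1, 15, 9, minute, tzinfo=timezone.utc)
    log = IncidentLog("IR-EXAMPLE-001")
    log.append("analyst.a", "Identification", "IDS alert validated on ws-17", at(0))
    log.append("analyst.b", "Containment", "Isolated ws-17 from the network", at(12))
    log.append("analyst.a", "Eradication", "Rebuilt ws-17 from known-good image", at(45))
    log.append("analyst.b", "Containment",
               "Correction: isolated ws-17 and ws-18", at(50), amends=1)
    return log


if __name__ == "__main__":
    sample = build_sample_log().export()
    print("chain intact:", verify_chain(sample) == -1)
    for row in effective_timeline(sample):
        print(row)
```

The chain only detects edits relative to a trusted head hash: someone who can rewrite the whole file can recompute every digest, so the latest hash should also be recorded somewhere the log's editors cannot change.
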
Challenges
Timeliness vs. Completeness: Striking the right balance
between documenting in real-time and responding to the
incident can be challenging.
Inter-Departmental Coordination: Getting accurate data
from all departments involved, each with its own priorities
and constraints, is another challenge.
Data Sensitivity: Extra care must be taken when the
incident involves sensitive data, as the documentation itself
then becomes a high-value asset.
Conclusion
Documenting incident handling is not just a best practice
but a critical requirement for effective cybersecurity
management. When carried out methodically and updated
regularly, it serves multiple functions, from legal
safeguarding to performance enhancement. As
cybersecurity professionals, especially those preparing for
the GCIH exam, you must master not just the technical
aspects of incident handling but also the administrative and
compliance elements, among which documentation is
paramount. Therefore, understanding how to properly
document incidents is not just about passing the exam but
about being prepared for real-world challenges that every
organization inevitably faces.
2.4 Legal and Ethical Considerations
In the fast-paced and technically demanding world of
incident response, it can be easy to focus solely on the
technical aspects of the job. However, incident handlers
must also be well-versed in the legal and ethical
considerations that come into play during and after an
incident. This section aims to provide an in-depth look at
these aspects, covering why they matter, what they entail,
and how to navigate them effectively.
Why Legal and Ethical Considerations Matter
Ignoring the legal and ethical dimensions of incident
handling can lead to severe consequences for both the
incident response team and the organization. These
consequences can range from fines and legal penalties to
reputational damage and loss of trust among customers and
stakeholders. Furthermore, ethical lapses can erode team
morale and integrity, eventually compromising the efficacy
of future incident response operations.
Legal Compliance
Incident handlers often have access to sensitive data and
are responsible for taking actions that could impact the
privacy and security of both internal and external
stakeholders. Various laws, regulations, and standards apply
to how this data is to be handled, disclosed, or reported.
● Data Protection Laws: Regulations such as the
General Data Protection Regulation (GDPR) in Europe
and the California Consumer Privacy Act (CCPA) in the
United States mandate how personal data should be
managed, including during an incident.
● Sector-Specific Regulations: Industries like
healthcare (HIPAA) and finance (GLBA, SOX) have their
own sets of rules around data protection and incident
handling.
● Breach Notification Laws: Many jurisdictions require
organizations to notify affected parties and/or regulatory
bodies in the event of a breach.
Ethical Responsibility
Beyond legal mandates, incident handlers have an ethical
responsibility to act in the best interests of all stakeholders.
This includes respecting privacy, ensuring fairness,
maintaining honesty, and striving for excellence in all
aspects of incident response.
Key Legal Considerations
1. Jurisdiction: Given that cyber threats often cross
international borders, understanding the jurisdictions
involved is crucial. Different countries have their own
legal requirements for data protection and breach
notification.
2. Chain of Custody: Documenting the exact sequence
of who has accessed or modified evidence is crucial for
its admissibility in a court of law.
3. Consent and Authorization: When handling
incidents that involve third-party systems or data,
ensure that you have the proper consents and
authorizations before taking any action.
4. Liability: Incident handlers and organizations can be
held liable for failure to follow due process, or for
taking actions that result in harm to stakeholders.
5. Intellectual Property: When analyzing malware or
attacker techniques, be mindful of intellectual property
laws, as reverse engineering may be considered illegal
in some cases.
6. Contractual Obligations: Service Level Agreements
(SLAs) and other contracts may specify legal
requirements for incident handling and response times.
Key Ethical Considerations
1. Confidentiality: Information related to an incident,
especially personally identifiable information (PII),
should be treated with the highest level of
confidentiality.
2. Integrity: Ensure the accuracy and completeness of all
activities and reports. Manipulating or concealing
information is not only unethical but also illegal.
3. Professionalism: Maintain a high level of professional
conduct, respecting all stakeholders and following
industry best practices.
4. Transparency: While it’s important to maintain
confidentiality, it's also crucial to be transparent with
stakeholders about the status of an incident, as per the
legal requirements and organizational policies.
5. Fairness: Be impartial in your analysis and reporting.
Discrimination or preferential treatment is
unacceptable.
Best Practices for Navigating Legal and Ethical Waters
1. Consult Legal Counsel: Involve legal experts from
the start to guide you through the intricacies of laws
and regulations relevant to the incident.
2. Comprehensive Documentation: Keep meticulous
records of all actions taken, decisions made, and
notifications sent, as these can serve as legal evidence.
3. Ethical Guidelines: Establish and follow a code of
ethics for incident handling. Make sure every member
of the team understands these guidelines.
4. Training and Awareness: Regularly update the team
on legal and ethical obligations through training and
awareness programs.
5. Third-party Coordination: If the incident involves
third parties, make sure to understand their legal and
ethical guidelines as well. Joint incidents should be
managed in a way that meets the highest standard on
both ends.
Challenges in Managing Legal and Ethical Considerations
1. Balancing Act: The need for rapid action in incident
handling often conflicts with the time required for
thorough legal review.
2. Global Operations: Companies operating in multiple
jurisdictions have the added complexity of navigating
diverse and sometimes conflicting laws.
3. Ambiguity: Legal and ethical considerations are not
always clear-cut. There can be situations where the
best course of action is not obvious.
4. Resource Constraints: Small and medium enterprises
might lack the resources for legal consultation and
ethical training, making compliance more challenging.
Conclusion
Legal and ethical considerations in incident handling are
complex but crucial. As you prepare for the GCIH exam,
understanding these aspects is vital not just for passing the
test but also for becoming a responsible and effective
incident handler in the real world. Ignoring these
considerations can lead to far-reaching consequences that
could jeopardize your career and the organization you
represent. By keeping abreast of the relevant laws and
ethical guidelines, consulting with legal experts, and
maintaining a commitment to ethical behavior, you can
significantly mitigate these risks. So, as you work on
becoming proficient in the technical aspects of incident
handling, don’t forget to equip yourself with the legal and
ethical knowledge and skills you'll need to excel in this
multifaceted field.
3. Threats and Attacks
As we venture further into the intricate landscape of
incident handling and cybersecurity, understanding the
multitude of threats and attacks that professionals face is
paramount. The third chapter of this comprehensive guide
to the GCIH certification shifts the lens from the
frameworks, processes, and ethical considerations of
incident handling to focus on the very elements that make
such activities necessary in the first place—threats and
attacks.
Why is a deep understanding of threats and attacks
indispensable for anyone aspiring for a GCIH certification or
a career in cybersecurity? The answer is straightforward yet
profound: you can't effectively defend against what you
don't understand. It's akin to a medical professional needing
a thorough understanding of various diseases and their
symptoms to diagnose and treat patients effectively.
Similarly, an incident handler must be well-versed in the
different kinds of cyber threats and attacks, their
characteristics, and their implications to respond to and
mitigate them effectively.
This chapter serves as a foundational pillar, not just for
those preparing for the GCIH exam but for anyone aiming to
become competent in cybersecurity. As you navigate
through this chapter, you will:
1. Understand Types of Cyber Threats: Learn about
the wide array of threats in cyberspace, ranging from
individual hackers to sophisticated nation-state actors.
We will discuss threats like Advanced Persistent Threats
(APTs), ransomware, phishing, and insider threats,
among others.
2. Explore Attack Vectors and Techniques:
Understand the channels and methods used by
adversaries to exploit systems. From classic techniques
like SQL injection and cross-site scripting to more
advanced methods like spear phishing and supply
chain attacks, we delve deep into the anatomy of
various attack vectors.
3. Grasp Malware Analysis: Discover the world of
malware and its various forms—viruses, worms,
Trojans, and more. Learn how malware is designed, how
it propagates, and how it can be analyzed for better
threat intelligence.
4. Examine Web-Based Attacks: Web applications are
often the frontline of cyber conflicts. Learn about
different kinds of attacks that target web platforms,
including but not limited to DDoS attacks, credential
stuffing, and Man-in-the-Middle (MitM) attacks.
As you work through this chapter, it will become evident
that the field of cybersecurity is not static; it is a dynamic,
ever-evolving landscape. New threats are emerging
continuously, and old ones are getting sophisticated
makeovers. Keeping up with these changes is not just
crucial for passing the GCIH exam but also for succeeding in
any cybersecurity role.
In sum, this chapter aims to arm you with the knowledge
and insights required to understand the threats you'll be
facing in the cyber world. Such understanding is a crucial
step towards effective incident handling. So, as you read
through each section, take the time to reflect, understand,
and internalize these concepts. They will be your building
blocks for becoming not just a certified professional but a
capable defender in the world of cybersecurity.
3.1 Types of Cyber Threats
Understanding the various types of cyber threats is a critical
first step for anyone aspiring to make a career in
cybersecurity or aiming to clear the GCIH (GIAC Certified
Incident Handler) examination. Cyber threats are continually
evolving, adapting, and becoming more sophisticated with
time. Whether you're a cybersecurity professional, a
business owner, or just a casual internet user, awareness of
these threats can be the difference between staying secure
and falling victim to a potentially devastating cyber-attack.
Individual Hackers vs. Organized Crime vs. Nation-States
It's vital to recognize that the source of threats can be
incredibly diverse. Individual hackers might be motivated by
the thrill of bypassing security measures or gaining
unauthorized access. Organized crime groups often conduct
cyber-attacks for monetary gains, which include activities
like ransomware attacks, data breaches, and financial fraud.
On the other end of the spectrum are nation-state actors
who carry out cyber-espionage or cyber-warfare campaigns,
generally with geopolitical motives.
Advanced Persistent Threats (APTs)
Advanced Persistent Threats are long-term, sophisticated
attacks that often involve a high level of planning and
coordination. Typically, APTs are state-sponsored and aim at
infiltrating and establishing a foothold in target networks to
gather intelligence or steal sensitive data over an extended
period. What makes APTs particularly insidious is their ability
to remain undetected for long durations, continually
exfiltrating data or monitoring the activities of their targets.
Ransomware
One of the most widely discussed cyber threats today is
ransomware. These attacks involve malware that encrypts
files on a victim’s computer or network, with the attacker
demanding a ransom to restore the data. Ransomware
attacks have been increasingly targeting not just individuals
but also large corporations, municipalities, and even
healthcare institutions. The economic impact of a successful
ransomware attack can be devastating and, in some cases,
can halt the operations of an entire organization.
Phishing and Spear Phishing
Phishing involves sending fraudulent messages, usually
through email, that seem to be from a trustworthy source.
The goal is to trick the recipient into revealing sensitive
information like login credentials or credit card numbers.
Spear phishing is a more targeted form of phishing where
the attacker customizes the message to a specific individual
or organization, making it harder to recognize the
deception.
Insider Threats
Insider threats come from within the organization and can
involve any employee, contractor, or business partner who has
inside information concerning the organization's security
practices, data, and computer systems. The threat could be
intentional or unintentional, ranging from data leaks and
theft of intellectual property to sabotage.
Botnets
Botnets are networks of compromised computers controlled
by an attacker. These can be used for various malicious
activities, including DDoS attacks, sending spam, and
distributing malware. Botnets represent a severe threat
because they leverage the combined computing power of
multiple systems, making mitigation efforts more
complicated.
Social Engineering Attacks
This category involves exploiting human psychology rather
than technical vulnerabilities. Attackers manipulate people
into revealing confidential information or performing certain
actions that compromise security. Tactics can include
pretexting, baiting, and tailgating.
Man-in-the-Middle (MitM) Attacks
In a Man-in-the-Middle attack, the attacker intercepts
communication between two parties without their
knowledge, potentially altering the communication or using
the information for malicious purposes. This kind of attack is
prevalent in unsecured Wi-Fi networks and is often used to
steal login credentials or personal information.
DDoS Attacks
Distributed Denial of Service (DDoS) attacks involve
overwhelming a network, service, or website with more
traffic than it can handle, rendering it unusable. These
attacks are often used to distract IT teams while another
cyber-attack is executed.
Credential Stuffing and Brute-force Attacks
Both of these attacks focus on gaining unauthorized access
to systems. In credential stuffing, attackers use previously
leaked usernames and passwords, hoping that individuals
have reused them on other platforms. Brute-force attacks
involve systematically attempting all possible combinations
until the correct one is found.
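The two patterns look different in authentication logs, which is how an incident handler tells them apart. The following detection sketch is an added example, not part of the original guide; the log layout, thresholds and function names are assumptions, and the log lines are constructed sample data.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the "timestamp source_ip username result" layout
# is an assumption for this example, not a real product's format.
SAMPLE_LOG = """
2025-01-10T09:00:01 198.51.100.20 alice FAIL
2025-01-10T09:00:02 198.51.100.20 alice FAIL
2025-01-10T09:00:03 198.51.100.20 alice FAIL
2025-01-10T09:00:04 198.51.100.20 alice FAIL
2025-01-10T09:00:05 198.51.100.20 alice FAIL
2025-01-10T09:00:06 198.51.100.20 alice FAIL
2025-01-10T09:01:00 203.0.113.9 bob FAIL
2025-01-10T09:01:01 203.0.113.9 carol FAIL
2025-01-10T09:01:02 203.0.113.9 dave FAIL
2025-01-10T09:01:03 203.0.113.9 erin OK
2025-01-10T09:01:04 203.0.113.9 frank FAIL
2025-01-10T09:01:05 203.0.113.9 grace FAIL
2025-01-10T09:02:00 192.0.2.44 heidi FAIL
2025-01-10T09:02:30 192.0.2.44 heidi OK
"""

# Assumed thresholds; tune them to the environment's normal login behaviour.
WINDOW = timedelta(minutes=10)
BRUTE_FORCE_MIN_FAILS = 5        # failures against one account from one source
STUFFING_MIN_USERS = 5           # distinct accounts tried from one source
STUFFING_MAX_TRIES_PER_USER = 2  # stuffing tries each leaked pair once or twice


def parse(log_text):
    """Return sorted (time, ip, user, success) tuples, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((when, parts[1], parts[2], parts[3] == "OK"))
    return sorted(events)


def judge(window_events):
    """Classify one source's events inside one time window, or return None."""
    tries = Counter(user for _, _, user, _ in window_events)
    fails = Counter(user for _, _, user, ok in window_events if not ok)
    if fails:
        # Brute force: many failed guesses aimed at a single account.
        target, count = fails.most_common(1)[0]
        if count >= BRUTE_FORCE_MIN_FAILS:
            return {"pattern": "brute_force", "target": target, "failures": count}
    # Credential stuffing: many accounts, only a try or two against each.
    if (len(tries) >= STUFFING_MIN_USERS
            and max(tries.values()) <= STUFFING_MAX_TRIES_PER_USER):
        hits = sorted({user for _, _, user, ok in window_events if ok})
        return {"pattern": "credential_stuffing", "accounts_tried": len(tries),
                "successful_logins": hits}
    return None


def classify_sources(events, window=WINDOW):
    """Map each suspicious source IP to the first pattern seen in any window."""
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event[1]].append(event)
    findings = {}
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - first[0] <= window]
            verdict = judge(in_window)
            if verdict:
                findings[ip] = verdict
                break
    return findings


if __name__ == "__main__":
    for ip, verdict in classify_sources(parse(SAMPLE_LOG)).items():
        print(ip, verdict)
```

Accounts listed under `successful_logins` for a stuffing source are the ones to treat as compromised first: force a password reset and review their sessions.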
Supply Chain Attacks
In these attacks, an attacker compromises one element of a
supply chain, like a software update or vendor platform, to
attack organizations further up the chain. These attacks can
be hard to detect and mitigate because they exploit the
trusted relationships between businesses.
Zero-days
Zero-day attacks exploit vulnerabilities in software or
hardware that are unknown to the vendor and, therefore,
have not yet been patched. These are particularly
dangerous because there’s often little defense against them
until a fix is issued.
Understanding these different types of threats is crucial for
several reasons. Firstly, it allows cybersecurity professionals
to develop tailored defense mechanisms for specific kinds of
threats. Secondly, it enables organizations to prioritize their
security investments effectively. Lastly, it empowers
individuals and organizations to adopt a proactive stance
towards cybersecurity, rather than a reactive one.
Whether you're studying for the GCIH certification or looking
to broaden your cybersecurity expertise, knowing the
diverse landscape of cyber threats is foundational. As the
old adage goes, knowledge is power. In cybersecurity,
knowledge of the threats you could potentially face is the
first line of defense in a multi-layered security strategy.
3.2. Attack Vectors and Techniques
Equipped with an understanding of the various types of
cyber threats, we now turn our focus to the pathways and
methods that adversaries employ to carry out these threats:
attack vectors and techniques. Knowing the "how" behind
attacks not only informs better defense but also equips
incident handlers, like those aiming for GCIH certification,
with the ability to think like an attacker—a critical skill in
cybersecurity.
Physical Attack Vectors
Before diving into the digital realm, it's essential to
acknowledge that not all cyber threats come from the
internet. Physical attack vectors such as unauthorized
physical access to a data center, USB drives loaded with
malware, or hardware tampering are all ways that an
attacker can compromise security.
Email and Phishing
One of the most commonly exploited vectors is email.
Phishing emails, laden with malicious attachments or links,
aim to deceive recipients into taking actions that
compromise their security. Techniques can range from
simple deceptive messages to highly sophisticated spear-
phishing attacks that are customized to the individual or
organization being targeted.
Web-based Attack Vectors
Web-based attack vectors exploit vulnerabilities in web
applications and browsers. Examples include Cross-Site
Scripting (XSS), where an attacker injects malicious scripts
into web pages viewed by other users, and SQL Injection,
which involves inserting malicious SQL code into a query.
These attacks can lead to various consequences, such as
data breaches, unauthorized access, or even remote control
over the server.
Drive-by Downloads
In this technique, an attacker embeds a malicious script in
a website's code, which automatically downloads malware to
the visitor's computer without their knowledge. This vector
is particularly sinister because it does not require any
interaction from the victim beyond visiting the compromised
website.
Malvertising
Malvertising involves injecting malicious or malware-laden
advertisements into legitimate advertising networks and
websites. Because these ads can appear on trusted sites,
users are more likely to trust them, click on them, and
download malicious content.
Social Engineering and Pretexting
Here, the attacker manipulates the victim into divulging
confidential information. Unlike phishing, which generally
uses digital means, social engineering can be conducted in
person or over the phone. Pretexting involves creating a
fabricated scenario (the "pretext") to obtain information or
access from the victim.
Man-in-the-Middle (MitM) Attacks
MitM attacks involve an attacker secretly intercepting and
possibly altering the communication between two parties.
These attacks often occur in unsecured Wi-Fi networks,