EC-Council's Certified Incident Handler program equips students with the knowledge, skills, and abilities to prepare for, handle, and eradicate threats and threat actors during an incident. The program covers the entire incident handling and response process and includes hands-on labs that teach the tactical procedures and techniques required to plan, record, triage, notify, and contain incidents effectively.
Students will learn how to handle various types of incidents, risk assessment methodologies, and the laws and policies related to incident handling. After attending the course, students will be able to create IH&R (incident handling and response) policies and handle different types of security incidents, including malware, email security, network security, web application security, cloud security, and insider threat-related incidents.
The E|CIH (EC-Council Certified Incident Handler) also covers containment, eradication, evidence gathering and forensic analysis, and the post-incident activities that lead to prosecution or to countermeasures ensuring the incident is not repeated.
Cyber Kill Chain Methodology, MITRE ATT&CK Framework, etc.
Vulnerability assessment, risk management, cyber threat intelligence, threat modeling, and threat hunting
Information security incidents, signs and costs of an incident, incident handling and response, and incident response automation and orchestration
Learn to restore IT infrastructure, systems, and networks following disasters while minimizing downtime and data loss.
(Planning, recording and assignment, triage, notification, containment, evidence gathering and forensic analysis, eradication, recovery, and post-incident activities)
Evidence collection, documentation, preservation, packaging, and transportation
Malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, insider threat-related incidents, and endpoint security incidents
This module provides a comprehensive introduction to incident handling and response concepts, including the fundamental principles, terminology, and frameworks used in cybersecurity incident management. Students will learn about the importance of incident response planning and how it integrates with overall security operations.
Learn the systematic approach to incident handling and response, including the complete incident lifecycle from detection and analysis to containment, eradication, and recovery. This module covers incident classification, prioritization, and coordination with stakeholders.
Master the critical first response procedures when a security incident is detected. Learn about initial assessment, evidence preservation, immediate containment measures, and communication protocols to minimize damage and maintain forensic integrity.
Learn specialized techniques for detecting, analyzing, and responding to malware incidents including viruses, trojans, ransomware, and the malware used in advanced persistent threat (APT) campaigns. This module covers malware analysis, containment strategies, and system recovery procedures.
Develop expertise in handling email-based security incidents including phishing attacks, business email compromise (BEC), spam campaigns, and email-borne malware. Learn to analyze email headers, trace attack sources, and implement protective measures.
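The header analysis this module describes comes down to one rule: a Received line is only as trustworthy as the server that wrote it. The example below is added here and is not EC-Council's course material; it walks the Received chain of a constructed phishing message, treats only lines written by the organisation's own mail servers (the assumed OUR_SERVERS set) as reliable, and reports the external address the message really came from, the forged hop below it, the SPF/DKIM/DMARC verdicts, and the Return-Path/Reply-To domains that do not match the From header. All host names and addresses are fictional.

```python
"""Trace a phishing message to its real origin from its Received chain.

Added example for the email security incident module above; not part of
the E|CIH course material. The message, host names and addresses are
constructed for illustration, and OUR_SERVERS stands in for the responder's
own knowledge of which mail servers the organisation operates.
"""
import re
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr
from typing import Optional

# Assumed: the mail servers we operate. Only Received lines written by these
# hosts can be trusted; anything written by other hosts may be fabricated.
OUR_SERVERS = {"mail.example.com", "mx2.example.com"}

# Constructed sample. The bottom Received line claims the mail came from an
# internal relay, but it was written by bulk-sender.example.net, a host the
# attacker controls, so it proves nothing.
SAMPLE_MESSAGE = """\
Received: from mx2.example.com (mx2.example.com [192.0.2.10])
\tby mail.example.com with ESMTPS id abc123; Mon, 1 Jan 2024 10:00:03 +0000
Received: from bulk-sender.example.net (unknown [198.51.100.23])
\tby mx2.example.com with ESMTP id def456; Mon, 1 Jan 2024 10:00:01 +0000
Received: from corp-relay.example.com ([10.0.0.5])
\tby bulk-sender.example.net; Mon, 1 Jan 2024 09:59:58 +0000
Authentication-Results: mx2.example.com; spf=fail smtp.mailfrom=example.net;
\tdkim=none; dmarc=fail header.from=example.com
From: "IT Helpdesk" <helpdesk@example.com>
Return-Path: <bounce@example.net>
Reply-To: support@exampIe.com
To: user@example.com
Subject: Password expiring today

Please sign in to keep your account active.
"""

FROM_RE = re.compile(r"\bfrom\s+([^\s;]+)")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")
IP_RE = re.compile(r"\[((?:\d{1,3}\.){3}\d{1,3})\]")


@dataclass
class Hop:
    claimed_from: str           # name the sending host announced (HELO/EHLO)
    ip: Optional[str]           # address the receiving server actually saw
    recorded_by: Optional[str]  # server that wrote this Received line
    trusted: bool               # written by a server we operate


def parse_hops(msg, our_servers):
    """Received hops in the order they appear: most recent first."""
    hops = []
    for raw in msg.get_all("Received", []):
        text = " ".join(raw.split())  # unfold continuation lines
        m_from, m_by, m_ip = FROM_RE.search(text), BY_RE.search(text), IP_RE.search(text)
        by = m_by.group(1) if m_by else None
        hops.append(Hop(claimed_from=m_from.group(1) if m_from else "?",
                        ip=m_ip.group(1) if m_ip else None,
                        recorded_by=by, trusted=by in our_servers))
    return hops


def external_origin(hops):
    """Last hop written by our own servers: it records the external sender.
    Walking stops at the first line we did not write; everything below it
    was added by hosts outside our control and cannot be used for attribution."""
    origin = None
    for hop in hops:
        if not hop.trusted:
            break
        origin = hop
    return origin


def auth_results(msg):
    """SPF/DKIM/DMARC verdicts stamped by the receiving MX."""
    results = {}
    for raw in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", raw):
            results[m.group(1)] = m.group(2)
    return results


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def sender_indicators(msg):
    """Header inconsistencies that commonly accompany phishing and BEC."""
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    findings = []
    for header in ("Return-Path", "Reply-To"):
        addr = parseaddr(msg.get(header, ""))[1]
        if addr and _domain(addr) != from_dom:
            findings.append(f"{header} domain {_domain(addr)} differs from From domain {from_dom}")
    return findings


def triage(raw_message, our_servers=OUR_SERVERS):
    """Summarise where the message entered our infrastructure and why it looks suspicious."""
    msg = message_from_string(raw_message)
    hops = parse_hops(msg, our_servers)
    origin = external_origin(hops)
    return {
        "origin_ip": origin.ip if origin else None,
        "origin_claimed": origin.claimed_from if origin else None,
        "hop_trust": [h.trusted for h in hops],
        "untrusted_hops": sum(1 for h in hops if not h.trusted),
        "auth": auth_results(msg),
        "indicators": sender_indicators(msg),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

On the sample, the origin is 198.51.100.23 (the address mx2.example.com actually saw), not the 10.0.0.5 "internal relay" in the lowest line, which a forger wrote. The same walk works on a real message once OUR_SERVERS holds the organisation's real MX names; the IP it returns is the one to block, look up, and use for abuse reporting.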
Master network security incident response including DDoS attacks, network intrusions, unauthorized access, and network-based malware. Learn to analyze network traffic, implement network segmentation, and restore network security controls.
Learn to handle web application security incidents including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other OWASP Top 10 vulnerabilities. Master web application forensics and secure coding practices.
Develop skills in handling cloud security incidents including data breaches, misconfigurations, unauthorized access, and cloud-specific attacks. Learn about shared responsibility models, cloud forensics, and incident response in multi-cloud environments.
Learn to identify, investigate, and respond to insider threats including malicious insiders, negligent employees, and compromised accounts. Master behavioral analysis, access monitoring, and legal considerations in insider threat investigations.
Master endpoint security incident response including device compromise, unauthorized access, data exfiltration, and endpoint-based attacks. Learn about endpoint forensics, malware removal, and implementing endpoint detection and response (EDR) solutions.
Upon successfully passing the examination for this course, participants will be awarded a certificate, an example of which is shown below.