EC-Council Certified Incident Handler v2
ECIH Course Overview
EC-Council’s Certified Incident Handler v2 (E|CIH) certification and training imparts and validates extensive skills to address post-security breach consequences in the organization by condensing the financial and reputational impact of the incident. This E|CIH program has been devised by globally recognized cybersecurity and incident handling & response practitioners. The certification is highly ranked and helps enhances the employability of cybersecurity professionals worldwide.
This course is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.
Following a rigorous development which included a careful Job Task Analysis (JTA) related to incident handling and incident first responder jobs, EC-Council developed a highly interactive, comprehensive, standards-based, intensive 3-day training program and certification that provides a structured approach to learning real-world incident handling and response requirements.
Why take ECIH?
Incident handler is a term used to describe the activities of an organization to identify, analyze, and correct hazards to prevent a future reoccurrence. These incidents within a structured organization are normally dealt with by a either an Incident Response Team (IRT), or an Incident Management Team (IMT). These teams are often either designated beforehand, or during the event and are placed in control of the organization while the incident is dealt with, in order to retain business processes.
The EC-Council Certified Incident Handler certification is designed to provide the fundamental skills to handle and respond to computer security incidents in an information system.
A Certified Incident Handler is a skilled professional who is able to handle various types of incidents, risk assessment methodologies, and various laws and policies related to incident handling. A certified Incident Handler will be able to create incident handling and response policies and deal with various types of computer security incidents such as network security incidents, malicious code incidents, and insider attack threats.
The E|CIH certification will provide professionals with greater industry acceptance as the seasoned incident handler.
Learn All Stages in Incident Handling
This program addresses all the stages involved in incident handling and the response process to enhances your skills as an incident handler and responder, increasing your employability. This approach makes E|CIH one of the most comprehensive incident handling and response related certifications on the market today.
The skills taught in EC-Council’s E|CIH program are desired by cybersecurity professionals from around the world and is respected by employers.
The Purpose of the ECIH Certification Course?
Professionals interested in pursuing incident handling and response as a career require comprehensive training that not only imparts concepts but also allows them to experience real-scenarios. The E|CIH program includes hands-on learning delivered through labs within the training program. True employability after earning a certification can only be achieved when the core of the curricula maps to and is compliant with government and industry-published incident and response frameworks.
E|CIH is a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.
- To enable individuals and organizations with the ability to handle and respond to different types of cybersecurity incidents in a systematic way.
- To ensure that organization can identify, contain, and recover from an attack.
- To reinstate regular operations of the organization as early as possible and mitigate the negative impact on the business operations.
- To be able to draft security policies with efficacy and ensure that the quality of services is maintained at the agreed levels.
- To minimize the loss and after-effects breach of the incident.
- For individuals: To enhance skills on incident handling and boost their employability.
Why Incident Handling Is a Must for Every Organization
Despite all elementary security measures, organizations are still finding it difficult to withstand cyberattacks. The least of the consequences caused by the attacks are weakening the very foundation of the organization’s business processes. An effective incident handling and response program ensures quick healing by reducing the time spent on containment and aims to reinstate business processes to the expected level of quality.
You should have the following experience before attending this course:
- A minimum of one years experience managing Windows/Unix/Linux systems
- An understanding of common network and security services
Learning Objectives for ECIH v2 Training Course
This Certified Incident Handler training and certification aim to explain expertly:
- Primary issues that plague information security domain
- Combating various kinds of cybersecurity threats, vectors of attack, threat actors and their objectives
- Core incident management fundamentals that include incident signs and costs
- Basics of vulnerability management, risk management, threat assessment, and automation and orchestration of the incident response
- Best practices of incident handling and response, cybersecurity frameworks, standards, acts, laws, and compliance
- The process to devise incident handling and response program
- Core essentials of computer forensics and readiness to forensics
- Anticipate the importance of procedure of the first response along with collecting evidence, packaging, storing, transportation, data acquisition, collection of the volatile and static evidence, and analyzing evidence
- Anti-forensics techniques adopted by attackers to discover cover-ups for cybersecurity incident
- Implement the appropriate techniques to different types of cybersecurity incidents systematically such as malware, network security, email security, web application security, cloud security, and insider threat-related incidents
E|CIH is a specialist-level program that caters to mid-level to high-level cybersecurity professionals. In order to increase your chances of success, it is recommended that you have at least 1 year of experience in the cybersecurity domain.
E|CIH members are ambitious security professionals who work in Fortune 500 organizations globally.
This course covers:
Module 01: Introduction to Incident Handling and Response
- Overview of Information Security Concepts
- Understanding Information Security Threats and Attack Vectors
- Understanding Information Security Incident
- Overview of Incident Management
- Overview of Vulnerability Management
- Overview of Threat Assessment
- Understanding Risk Management
- Understanding Incident Response Automation and Orchestration
- Incident Handling and Response Best Practices
- Overview of Standards
- Overview of Cyber security Frameworks
- Importance of Laws in Incident Handling
- Incident Handling and Legal Compliance
Module 02: Incident Handling and Response Process
- Overview of Incident Handling and Response (IH&R) Process
- Step 1: Preparation for Incident Handling and Response
- Step 2: Incident Recording and Assignment
- Step 3: Incident Triage
- Step 4: Notification
- Step 5: Containment
- Step 6: Evidence Gathering and Forensics Analysis
- Step 7: Eradication
- Step 8: Recovery
- Step 9: Post-Incident Activities
Module 03: Forensic Readiness and First Response
- Introduction to Computer Forensics
- Overview of Forensic Readiness
- Overview of First Response
- Overview of Digital Evidence
- Understanding the Principles of Digital Evidence Collection
- Collecting the Evidence
- Securing the Evidence
- Overview of Data Acquisition
- Understanding the Volatile Evidence Collection
- Understanding the Static Evidence Collection
- Performing Evidence Analysis
- Overview of Anti-Forensics
Module 04: Handling and Responding to Malware Incidents
- Overview of Malware Incident Response
- Preparation for Handling Malware Incidents
- Detecting Malware Incidents
- Containment of Malware Incidents
- Eradication of Malware Incidents
- Recovery after Malware Incidents
- Guidelines for Preventing Malware Incidents
Module 05: Handling and Responding to Email Security Incidents
- Overview of Email Security Incidents
- Introduction to Email Security Incidents
- Types of Email Security Incidents
- Preparation for Handling Email Security Incidents
- Detection and Containment of Email Security Incidents
- Eradication of Email Security Incidents
- Recovery after Email Security Incidents
Module 06: Handling and Responding to Network Security Incidents
- Overview of Network Security Incidents
- Preparation for Handling Network Security Incidents
- Detection and Validation of Network Security Incidents
- Handling Unauthorized Access Incidents
- Handling Inappropriate Usage Incidents
- Handling Denial-of-Service Incidents
- Handling Wireless Network Security Incidents
Module 07: Handling and Responding to Web Application Security Incidents
- Overview of Web Application Incident Handling
- Web Application Security Threats and Attacks
- Preparation to Handle Web Application Security Incidents
- Detecting and Analyzing Web Application Security Incidents
- Containment of Web Application Security Incidents
- Eradication of Web Application Security Incidents
- Recovery from Web Application Security Incidents
- Best Practices for Securing Web Applications
Module 08: Handling and Responding to Cloud Security Incidents
- Cloud Computing Concepts
- Overview of Handling Cloud Security Incidents
- Cloud Security Threats and Attacks
- Preparation for Handling Cloud Security Incidents
- Detecting and Analyzing Cloud Security Incidents
- Containment of Cloud Security Incidents
- Eradication of Cloud Security Incidents
- Recovering from Cloud Security Incidents
- Best Practices Against Cloud-based Incidents
Module 09: Handling and Responding to Insider Threats
- Introduction to Insider Threats
- Preparation for Handling Insider Threats
- Detecting and Analyzing Insider Threats
- Containment of Insider Threats
- Eradication of Insider Threats
- Recovery after Insider Attacks
- Best Practices Against Insider Threats
|Exam Codes||212-89 (ECC EXAM)|
|Number of Questions||100 questions per exam|
|Type of Questions||Multiple choice|
|Length of Test||3 Hours / 180 Minutes|
|Testing Provider||ECC EXAM PORTAL|
EC-Council Certified Security Specialist v9
EC-Council Certified Encryption Specialist v2
EC-Council Certified Security Analyst v10
EC-Council Disaster Recovery Professional v3
EC-Council Certified Chief Information Security Officer v3
EC-Council Certified Secure Computer User v2
EC-Council Certified Threat Intelligence Analyst v1
EC-Council Certified SOC Analyst v1
EC-Council Certified Penetration Testing Professional v1
EC-Council Computer Hacking Forensic Investigator v9
EC-Council Certified Network Defender v2
Certified Ethical Hacker v11
- Unit 15B Penthouse Atherton Place, Tomas Morato, Corner Don A. Roces Ave, Quezon City, 1103 Metro Manila
- +(632) 7905 8718