EC-Council Certified Incident Handler v2

ECIH Course Overview

EC-Council’s Certified Incident Handler v2 (E|CIH) certification and training impart and validate extensive skills to address post-security breach consequences in the organization by reducing the financial and reputational impact of the incident. This E|CIH program has been devised by globally recognized cybersecurity and incident handling & response practitioners. The certification is highly ranked and helps enhance the employability of cybersecurity professionals worldwide.

This course is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.

Following a rigorous development which included a careful Job Task Analysis (JTA) related to incident handling and incident first responder jobs, EC-Council developed a highly interactive, comprehensive, standards-based, intensive 3-day training program and certification that provides a structured approach to learning real-world incident handling and response requirements.

Why take ECIH?

Incident handling is a term used to describe the activities of an organization to identify, analyze, and correct hazards to prevent a future reoccurrence. These incidents within a structured organization are normally dealt with by either an Incident Response Team (IRT) or an Incident Management Team (IMT). These teams are often designated either beforehand or during the event, and are placed in control of the organization while the incident is dealt with, in order to retain business processes.

The EC-Council Certified Incident Handler certification is designed to provide the fundamental skills to handle and respond to computer security incidents in an information system.

A Certified Incident Handler is a skilled professional who is able to handle various types of incidents, risk assessment methodologies, and various laws and policies related to incident handling. A certified Incident Handler will be able to create incident handling and response policies and deal with various types of computer security incidents such as network security incidents, malicious code incidents, and insider attack threats.

The E|CIH certification will provide professionals with greater industry acceptance as the seasoned incident handler.

Learn All Stages in Incident Handling

This program addresses all the stages involved in the incident handling and response process to enhance your skills as an incident handler and responder, increasing your employability. This approach makes E|CIH one of the most comprehensive incident handling and response related certifications on the market today.

The skills taught in EC-Council’s E|CIH program are desired by cybersecurity professionals from around the world and are respected by employers.

The Purpose of the ECIH Certification Course

Professionals interested in pursuing incident handling and response as a career require comprehensive training that not only imparts concepts but also allows them to experience real scenarios. The E|CIH program includes hands-on learning delivered through labs within the training program. True employability after earning a certification can only be achieved when the core of the curricula maps to and is compliant with government and industry-published incident and response frameworks.

E|CIH is a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.

  • To enable individuals and organizations with the ability to handle and respond to different types of cybersecurity incidents in a systematic way.
  • To ensure that the organization can identify, contain, and recover from an attack.
  • To reinstate regular operations of the organization as early as possible and mitigate the negative impact on the business operations.
  • To be able to draft security policies with efficacy and ensure that the quality of services is maintained at the agreed levels.
  • To minimize the loss and after-effects of the breach incident.
  • For individuals: To enhance skills on incident handling and boost their employability.

Target Audience

  • Penetration Testers
  • Vulnerability Assessment Auditors
  • Risk Assessment Administrators
  • Network Administrators
  • Application Security Engineers
  • System Administrators / Engineers
  • Cyber Forensic Investigators / Analysts and SOC Analysts
  • Firewall Administrators and Network Managers / IT Managers

Why Incident Handling Is a Must for Every Organization

Despite all elementary security measures, organizations are still finding it difficult to withstand cyberattacks. The least of the consequences caused by the attacks is a weakening of the very foundation of the organization’s business processes. An effective incident handling and response program ensures quick healing by reducing the time spent on containment and aims to reinstate business processes to the expected level of quality.

Course Pre-Requisite

You should have the following experience before attending this course:

  • A minimum of one year's experience managing Windows/Unix/Linux systems
  • An understanding of common network and security services

Learning Objectives for ECIH v2 Training Course

This Certified Incident Handler training and certification aim to explain expertly:

  • Primary issues that plague information security domain
  • Combating various kinds of cybersecurity threats, vectors of attack, threat actors and their objectives
  • Core incident management fundamentals that include incident signs and costs
  • Basics of vulnerability management, risk management, threat assessment, and automation and orchestration of the incident response
  • Best practices of incident handling and response, cybersecurity frameworks, standards, acts, laws, and compliance
  • The process to devise incident handling and response program
  • Core essentials of computer forensics and readiness to forensics
  • Anticipate the importance of the first response procedure, along with evidence collection, packaging, storage, transportation, data acquisition, collection of volatile and static evidence, and evidence analysis
  • Anti-forensics techniques adopted by attackers, in order to discover cover-ups of cybersecurity incidents
  • Apply the appropriate techniques systematically to different types of cybersecurity incidents, such as malware, network security, email security, web application security, cloud security, and insider threat-related incidents

E|CIH is a specialist-level program that caters to mid-level to high-level cybersecurity professionals. In order to increase your chances of success, it is recommended that you have at least 1 year of experience in the cybersecurity domain.

E|CIH members are ambitious security professionals who work in Fortune 500 organizations globally.

This course covers:

Module 01: Introduction to Incident Handling and Response

  • Overview of Information Security Concepts
  • Understanding Information Security Threats and Attack Vectors
  • Understanding Information Security Incident
  • Overview of Incident Management
  • Overview of Vulnerability Management
  • Overview of Threat Assessment
  • Understanding Risk Management
  • Understanding Incident Response Automation and Orchestration
  • Incident Handling and Response Best Practices
  • Overview of Standards
  • Overview of Cybersecurity Frameworks
  • Importance of Laws in Incident Handling
  • Incident Handling and Legal Compliance

Module 02: Incident Handling and Response Process

  • Overview of Incident Handling and Response (IH&R) Process
  • Step 1: Preparation for Incident Handling and Response
  • Step 2: Incident Recording and Assignment
  • Step 3: Incident Triage
  • Step 4: Notification
  • Step 5: Containment
  • Step 6: Evidence Gathering and Forensics Analysis
  • Step 7: Eradication
  • Step 8: Recovery
  • Step 9: Post-Incident Activities

Module 03: Forensic Readiness and First Response

  • Introduction to Computer Forensics
  • Overview of Forensic Readiness
  • Overview of First Response
  • Overview of Digital Evidence
  • Understanding the Principles of Digital Evidence Collection
  • Collecting the Evidence
  • Securing the Evidence
  • Overview of Data Acquisition
  • Understanding the Volatile Evidence Collection
  • Understanding the Static Evidence Collection
  • Performing Evidence Analysis
  • Overview of Anti-Forensics

Module 04: Handling and Responding to Malware Incidents

  • Overview of Malware Incident Response
  • Preparation for Handling Malware Incidents
  • Detecting Malware Incidents
  • Containment of Malware Incidents
  • Eradication of Malware Incidents
  • Recovery after Malware Incidents
  • Guidelines for Preventing Malware Incidents

Module 05: Handling and Responding to Email Security Incidents

  • Overview of Email Security Incidents
  • Introduction to Email Security Incidents
  • Types of Email Security Incidents
  • Preparation for Handling Email Security Incidents
  • Detection and Containment of Email Security Incidents
  • Eradication of Email Security Incidents
  • Recovery after Email Security Incidents

Module 06: Handling and Responding to Network Security Incidents

  • Overview of Network Security Incidents
  • Preparation for Handling Network Security Incidents
  • Detection and Validation of Network Security Incidents
  • Handling Unauthorized Access Incidents
  • Handling Inappropriate Usage Incidents
  • Handling Denial-of-Service Incidents
  • Handling Wireless Network Security Incidents

Module 07: Handling and Responding to Web Application Security Incidents

  • Overview of Web Application Incident Handling
  • Web Application Security Threats and Attacks
  • Preparation to Handle Web Application Security Incidents
  • Detecting and Analyzing Web Application Security Incidents
  • Containment of Web Application Security Incidents
  • Eradication of Web Application Security Incidents
  • Recovery from Web Application Security Incidents
  • Best Practices for Securing Web Applications

Module 08: Handling and Responding to Cloud Security Incidents

  • Cloud Computing Concepts
  • Overview of Handling Cloud Security Incidents
  • Cloud Security Threats and Attacks
  • Preparation for Handling Cloud Security Incidents
  • Detecting and Analyzing Cloud Security Incidents
  • Containment of Cloud Security Incidents
  • Eradication of Cloud Security Incidents
  • Recovering from Cloud Security Incidents
  • Best Practices Against Cloud-based Incidents

Module 09: Handling and Responding to Insider Threats

  • Introduction to Insider Threats
  • Preparation for Handling Insider Threats
  • Detecting and Analyzing Insider Threats
  • Containment of Insider Threats
  • Eradication of Insider Threats
  • Recovery after Insider Attacks
  • Best Practices Against Insider Threats

About the exam

  • Exam Codes: 212-89 (ECC EXAM)
  • Number of Questions: 100 questions per exam
  • Type of Questions: Multiple choice
  • Length of Test: 3 Hours / 180 Minutes
  • Testing Provider: ECC EXAM PORTAL
  • Passing Score: 70%

Course Highlights

EC-Council Authorized Partner
96% passing rate
Get certified at an affordable price
Blended learning delivery model
CEI Certified Trainers

Contact

  • Unit 15B Penthouse Atherton Place, Tomas Morato, Corner Don A. Roces Ave, Quezon City, 1103 Metro Manila
  • +(632) 7905 8718
  • sales@teched.com.ph

Brochures

View our Course Documents below with the current Curriculum and Pricing presented in an easy to read guide for the course offered.

Testimonials

Training at TechED has been amazing. The instructor has provided us with so much in-depth knowledge regarding the course, including course material which is detailed and a lot of iLabs for hands-on experience. Would recommend for anyone looking to study.

Francis C.

Network Security Administrator, Manufacturing Sector

The instructor is exceptionally knowledgeable and provided valuable additional content and labs.

Erick Z.

Cybersecurity Director, BPO Industry

Considering the difficult times we live in with COVID-19, the online training delivery as well as the staff were superb.

The course really keyed in all the topics of the exam. The material slides, documentation, and labs were well written and presented. The instructor really knew his stuff and you could tell he was passionate about the subject.

Christian L.

IT Manager, Health Sector

TechED's training was excellent. The trainer was able to explain all the material and extra on top of that which I think will help me with future training and in my work environment. I would highly recommend it to anyone wishing to further their knowledge in a quick and easy way.

Mike S.

US Military

The Cybersecurity Trainings and Instructor provided by TechED are a must for anyone working in the field. It provides a wealth of useful information that might be useful when you get back to work.

Richard J.

Cybersecurity Specialist, US DOD Contractor
