Become a Certified Incident Handler E|CIH

Why Incident Handling Is a Must for Every Organization

277 Days

Average time to identify and contain a data breach.

49 Days

Ransomware breaches took 49 days longer than average to identify and contain.

303 Days

Average time to identify and contain a supply chain compromise.

Despite all elementary security measures, organizations still find it difficult to withstand cyber attacks, which weaken the very foundation of the organization's business processes.

An effective incident handling and response program ensures (1) quick detection, (2) containment and systematic recovery, and (3) quick healing, and aims to return business processes to normal.

EC-Council Certified Incident Handler E|CIH

EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe.

It is a comprehensive specialist-level program that imparts the knowledge and skills organizations need to effectively handle post-breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.

IS YOUR ORGANIZATION READY TO HANDLE THE NEXT INCIDENT EFFECTIVELY AND EFFICIENTLY?

Prepare to Handle and Respond to Security Incidents

This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe.


LEARN REAL-WORLD INCIDENT HANDLING SKILLS

Following a rigorous development, which included a careful Job Task Analysis (JTA) related to incident handling and incident first responder jobs, EC-Council developed a highly interactive, comprehensive, standards-based, intensive 3-day training program and certification that provides a structured approach to learning real-world incident handling and response requirements.

NOT ONLY DETECT BUT MANAGE SECURITY INCIDENTS

Organizations are under constant attack, and with the knowledge and skills found in the E|CIH program, professionals can not only detect incidents but also quickly manage and respond holistically to them.

MAPS TO INDUSTRY FRAMEWORKS

Professionals interested in pursuing incident handling and response as a career require comprehensive training that not only imparts concepts but also allows them to experience real scenarios. The E|CIH program includes hands-on learning delivered through labs within the training program. True employability after earning a certification can only be achieved when the core of the curriculum maps to and is compliant with government and industry-published incident and response frameworks.

METHOD DRIVEN PROGRAM

E|CIH is a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.

LEARN ALL STAGES IN INCIDENT HANDLING

This program addresses all the stages involved in incident handling and the response process to enhance your skills as an incident handler and responder, increasing your employability. This approach makes E|CIH one of the most comprehensive incident handling and response related certifications on the market today.

THINK GLOBAL EMPLOYABILITY

The skills taught in EC-Council’s E|CIH program are desired by cybersecurity professionals from around the world and are respected by employers.

E|CIH IS ONE OF THE BEST INCIDENT HANDLING PROGRAMS

Gain Access to new, advanced labs:

The E|CIH program comes with access to over 50 labs, 800 tools, and 4 OSs!

Compliant with Major Industry Frameworks:

100% compliant with the NICE 2.0 Framework and the CREST Framework.

Comprehensive Templates Available:

A large array of templates, checklists, and cheat sheets.

E|CIH also Covers a Huge Variety of Security Incidents

Malware Incidents

Malware detections targeting businesses increased by 270 percent

Cloud Security Incidents

681 million cyberattacks were launched against cloud customers in 2018

Email Security Incidents

9 out of 10 infection attempts throughout the year were spam email

Web App Security Incidents

3.6% of websites suffered web application attacks

Network Security Incidents

21.2% of devices were exposed to network threats in the 1st month, rising to 43.7% after 4 months

Insider Threats

$8.76 million is the average yearly cost of insider threats

EC-Council Certified Incident Handler
Course Outline

Module 01: Introduction to Incident Handling and Response

  • Overview of Information Security Concepts
  • Understanding Information Security Threats and Attack Vectors
  • Understanding Information Security Incident
  • Overview of Incident Management
  • Overview of Vulnerability Management
  • Overview of Threat Assessment
  • Understanding Risk Management
  • Understanding Incident Response Automation and Orchestration
  • Incident Handling and Response Best Practices
  • Overview of Standards
  • Overview of Cybersecurity Frameworks
  • Importance of Laws in Incident Handling
  • Incident Handling and Legal Compliance

Module 02: Incident Handling and Response Process

  • Overview of Incident Handling and Response (IH&R) Process
  • Step 1: Preparation for Incident Handling and Response
  • Step 2: Incident Recording and Assignment
  • Step 3: Incident Triage
  • Step 4: Notification
  • Step 5: Containment
  • Step 6: Evidence Gathering and Forensics Analysis
  • Step 7: Eradication
  • Step 8: Recovery
  • Step 9: Post-Incident Activities

Module 03: Forensic Readiness and First Response

  • Introduction to Computer Forensics
  • Overview of Forensic Readiness
  • Overview of First Response
  • Overview of Digital Evidence
  • Understanding the Principles of Digital Evidence Collection
  • Collecting the Evidence
  • Securing the Evidence
  • Overview of Data Acquisition
  • Understanding the Volatile Evidence Collection
  • Understanding the Static Evidence Collection
  • Performing Evidence Analysis
  • Overview of Anti-Forensics

Module 04: Handling and Responding to Malware Incidents

  • Overview of Malware Incident Response
  • Preparation for Handling Malware Incidents
  • Detecting Malware Incidents
  • Containment of Malware Incidents
  • Eradication of Malware Incidents
  • Recovery after Malware Incidents
  • Guidelines for Preventing Malware Incidents

Module 05: Handling and Responding to Email Security Incidents

  • Overview of Email Security Incidents
  • Preparation for Handling Email Security Incidents
  • Detection and Containment of Email Security Incidents
  • Eradication of Email Security Incidents
  • Recovery after Email Security Incidents

Module 06: Handling and Responding to Network Security Incidents

  • Overview of Network Security Incidents
  • Preparation for Handling Network Security Incidents
  • Detection and Validation of Network Security Incidents
  • Handling Unauthorized Access Incidents
  • Handling Inappropriate Usage Incidents
  • Handling Denial-of-Service Incidents
  • Handling Wireless Network Security Incidents

Module 07: Handling and Responding to Web Application Security Incidents

  • Overview of Web Application Incident Handling
  • Web Application Security Threats and Attacks
  • Preparation to Handle Web Application Security Incidents
  • Detecting and Analyzing Web Application Security Incidents
  • Containment of Web Application Security Incidents
  • Eradication of Web Application Security Incidents
  • Recovery from Web Application Security Incidents
  • Best Practices for Securing Web Applications

Module 08: Handling and Responding to Cloud Security Incidents

  • Cloud Computing Concepts
  • Overview of Handling Cloud Security Incidents
  • Cloud Security Threats and Attacks
  • Preparation for Handling Cloud Security Incidents
  • Detecting and Analyzing Cloud Security Incidents
  • Containment of Cloud Security Incidents
  • Eradication of Cloud Security Incidents
  • Recovering from Cloud Security Incidents
  • Best Practices Against Cloud-based Incidents

Module 09: Handling and Responding to Insider Threats

  • Introduction to Insider Threats
  • Preparation for Handling Insider Threats
  • Detecting and Analyzing Insider Threats
  • Containment of Insider Threats
  • Eradication of Insider Threats
  • Recovery after Insider Attacks
  • Best Practices Against Insider Threats

Eligibility Criteria

To be eligible to sit the E|CIH Exam, the candidate must either:

Attend official E|CIH training through any of EC-Council’s Authorized Training Centers (ATCs) or attend EC-Council’s live online training via iWeek or join our self-study program through iLearn (see https://iclass.eccouncil.org).

Candidates with a minimum of 1 year of work experience in the domain that would like to apply to take the exam directly without attending training are required to pay the USD100 Eligibility Application Fee. This fee is included in your training fee should you choose to attend training.

Exam Details

  • Exam Title: EC-Council Certified Incident Handler
  • Duration: 3 hours
  • Number of Questions: 100
  • Exam Availability: EC-Council Exam Portal
  • Exam Format: Multiple Choice