EC-Council Certified Incident Handler (ECIH)

Global cybersecurity and incident handling/response specialists have worked together to build and produce the ECIH Certification. It is a specialist-level program, with CEH and CND serving as the "core" certifications that ECIH builds upon. ECIH educates security professionals on how to handle post-breach consequences by minimizing the impact of the incident, both financially and reputationally.

• Introduction to Incident Handling and Response

  • Fundamentals of information security

  • Threats, attack vectors, and definition of an incident

• Incident Management Process

  • Preparation, triage, and notification

  • Containment, evidence gathering, eradication, and recovery

• First Response

  • Immediate actions during incidents

  • Evidence collection, documentation, and preservation

• Incident Types

  • Handling malware incidents

  • Network security incidents

  • Web application incidents

  • Cloud security incidents

  • Insider threat incidents

• Incident Response Automation & Orchestration

  • Tools and processes for automating response activities

• Best Practices, Standards & Frameworks

  • Incident handling best practices

  • Standards and frameworks, including MITRE ATT&CK

• Incident Handling Laws and Compliance

  • Legal and regulatory aspects of incident handling

  • Importance of compliance in response activities

• Post-Incident Activities

  • Lessons learned and reporting

  • Information sharing and improvement of processes

The EC-Council Certified Incident Handler (ECIH) certification is designed for:

• Incident Handlers
• Risk Assessment Administrators
• Penetration Testers
• Cyber Forensic Investigators
• Venerability Assessment Auditors
• System Administrators
• System Engineers
• Firewall Administrators
• Network Managers
• IT Managers

1. Attend EC-Council Certified Incident Handler (ECIH)
2. Pass the following exams:

• ECIH (212-89)