EC-Council Certified Incident Handler ECIH Training Course


Course Description

Ultimate Skill Building to Identify, Contain, and Minimize Cyber Incidents

 

The EC-Council Certified Incident Handler training program has been developed jointly with cybersecurity and incident handling/response industry experts. It is an all-inclusive specialist-level course with C|ND and C|EH as the core certifications. It trains individuals to handle post-incident scenarios effectively and reduce both their reputational and financial impacts.

 

The EC-Council Certified Incident Handler course will equip you with extensive knowledge, practical skills, and abilities to effectively prepare for, deal with, and eradicate external threats and malicious actors in an incident. It offers an understanding of the entire Incident Handling and Response process, and hands-on labs teach the tactical procedures and techniques required to Design, Record, Triage, Notify, and Contain. While attending the training, you will also learn about various types of incidents, risk assessment methodologies, and the laws and policies related to incident handling.

 

After completing the EC-Council ECIH training program, you will be well-equipped to design IH&R policies and to identify and handle various types of security incidents, such as insider threat, malware, email, cloud, and web application security incidents.

 

Who is it For?

The EC-Council Certified Incident Handler training course was developed after a rigorous Job Task Analysis (JTA) to cater to the various roles involved in IH&R fields. It is an all-inclusive, highly interactive, and structure-based training program. It is complementary to the following job roles, as well as many others in the cybersecurity field.

 

  • Penetration Testers

  • Application Security Engineers

  • Vulnerability Assessment Auditors

  • System Engineers

  • Cyber Forensic Analysts/Investigators

  • Risk Assessment Administrators

  • SOC Analysts

  • Network Administrators 

  • IT Managers

  • Firewall Administrators 

  • Network Managers


Job Roles

Individuals who complete EC-Council’s Certified Incident Handler training course and pass the examination can qualify for the following job roles:

  • Incident Handler

  • Information Security

  • CSIRT Manager/Analyst/Engineer

  • Digital Forensic Analyst

  • Cyber Intelligence Analyst

  • Penetration Tester

  • IT Security Operations Center Analyst

  • Cybersecurity Threat Specialist/Analyst

  • Incident Response

  • Cyber Forensic Analyst

  • Cyber Defense Security

  • Cyber Risk Vulnerability Manager

Key Outcomes

The EC-Council ECIH training aims to equip you with the skills, knowledge, and expertise to prepare for, act against, and stamp out the threat vectors and actors an organization experiences in an incident. The key outcomes of this course further include:

 

  1. Practical skill-building through lab setups simulating a real-world environment 

  2. Advanced forensic software, threat intelligence, and risk prevention knowledge

  3. In-depth learning of patched operating systems, threat vectors, and security incidents

  4. Understand, detect, and analyze modern attack TTPs by practicing incident-handling tools and techniques

  5. Understanding information security concepts such as threat hunting, risk management, vulnerability assessment, cyber intelligence, and incident handling best practices, regulatory standards, and frameworks

  6. Learn to handle and respond systematically to different cybersecurity incidents, such as email, network, web application, cloud, and endpoint security breaches, malware, insider threats, and phishing attacks

 

About the Exam

To achieve the ECIH certification credential, candidates must take the EC-Council exam designed by IH&R industry experts. It tests the knowledge, practical skills, and abilities they have learned during the course. Candidates can attempt the exam after completing their training at the Authorized Training Center (ATC). After passing the EC-Council incident handler training program exam, they will receive an industry-recognized certificate and membership privileges.

 

Exam Title: EC-Council Certified Incident Handler

Exam Code: 212-89 

Number of Questions: 50

Duration: 2 hours

Availability: ECC Exam Portal

Test Format: Multiple Choice Questions

Passing Score: 70%

 

Course Learning Objectives

The EC-Council Certified Incident Handler training also covers post-incident activities such as Containment, Eradication, Evidence Gathering, and Forensic Analysis, leading to prosecution or countermeasures to ensure the incident is not repeated. It is a method-driven course that provides a holistic approach covering a wide range of concepts related to organizational IH&R, from preparing and planning the incident handling response to recovering assets from the impact of security incidents. The learning objectives of the EC-Council incident handler training program include:

 

  1. Basic Understanding of Incident Handling and Response: Defense Frameworks, Response Best Practices, IH&R Automation, Information Security, Threats, Attack Vectors, and Regulatory Compliance

  2. IH&R Process: Incident Triage, Evidence Gathering, Forensic Analysis, Eradication Best Practices, and Post-Incident Activities 

  3. First Response: Securing, Documenting, and Analyzing the Crime Scene, Gathering, Preserving, and Transporting Evidence 

  4. Handling and Responding to Malware Incidents: Preparation, Detection, Handling, Analyzing, and Recovering from Malware Incidents 

  5. Handling and Responding to Email Security Incidents: Understanding, Detecting, Containing, Eradicating, and Recovering from Email Security Incidents

  6. Handling and Responding to Network Security Incidents: Identifying Unauthorized Access, Denial-of-Service Incident Handling, and Overall Network Security

  7. Handling and Responding to Web Application Security Incidents: Preparing, Detecting, Analyzing, Eradicating, and Recovering from Web Application Security Incidents 

  8. Handling and Responding to Cloud Security Incidents: Handling Azure, AWS, and Google Cloud Security Incidents, Implementing Recovery Best Practices

  9. Handling and Responding to Insider Threats: Understanding, Handling, and Eradicating Insider Threats, Implementing Best Post-Incident Recovery Practices

  10. Handling and Responding to Endpoint Security Incidents: Handling Endpoint-, Mobile-, IoT-, and OT-Based Security Incidents

 
