Certified Incident Handler - ECIH

EC Council Courses

Duration
45 Hours

Course Description

The Certified Incident Handler (CIH) program equips professionals with the knowledge and skills to manage and respond effectively to cybersecurity incidents. This includes learning how to detect, analyze, contain, eradicate, and recover from various types of security breaches, such as malware, email, network, and web application attacks, as well as insider threats. The program also covers incident handling and response planning, risk assessment, and the relevant laws and policies.

Course Outline For Certified Incident Handler - ECIH

1. Introduction to Incident Handling and Response

  • Understanding information security threats and attack vectors.
  • Exploring various attack and defense frameworks, such as the Cyber Kill Chain Methodology and MITRE ATT&CK Framework.
  • Understanding information security concepts like vulnerability management, risk management, and threat assessment.
  • Understanding incident management fundamentals, including incident signs and costs, and incident response automation and orchestration.
  • Exploring incident handling and response best practices, standards, and legal compliance. 

2. Incident Handling and Response Process

  • Understanding the Incident Handling and Response (IH&R) process.
  • Learning about the preparation steps involved in IH&R.
  • Understanding incident recording and assignment.
  • Learning about incident triage and notification procedures.
  • Understanding the process of containment, eradication, recovery, and post-incident activities.
  • Exploring the importance of information sharing activities in incident response. 

3. Forensic Readiness and First Response

  • Understanding the concept of first response in incident handling.
  • Learning the procedures for securing and documenting the crime scene.
  • Understanding the process of collecting, preserving, packaging, and transporting evidence.
  • Exploring the use of tools for evidence collection and forensic analysis. 

4. Handling and Responding to Specific Incident Types

  • Malware Incidents: Understanding the handling, preparation, detection, containment, analysis, eradication, and recovery for malware incidents. Case studies and best practices are included.
  • Email Security Incidents: Covers handling, preparation, detection, containment, analysis, eradication, and recovery for email security incidents. Case studies and best practices are included.
  • Network Security Incidents: Focuses on handling, preparation, detection, containment, analysis, eradication, and recovery for network security incidents, including unauthorized access, inappropriate usage, denial-of-service, and wireless network security incidents. Case studies and best practices are included.
  • Web Application Security Incidents: Covers handling, preparation, detection, containment, analysis, eradication, and recovery for web application security incidents. Case studies and best practices are included.
  • Cloud Security Incidents: Explores the handling of cloud security incidents, including those related to Azure, AWS, and Google Cloud. Case studies and best practices are included.
  • Insider Threats: Covers handling, preparation, detection, containment, analysis, eradication, and recovery for insider threats. Case studies and best practices are included.
  • Endpoint Security Incidents: Addresses the handling of mobile, IoT, and OT-based security incidents. Case studies are included. 