EC-Council Certified Incident Handler (E|CIH) + Exam voucher

  • Course code: ECIH
  • Access period: 365 days
  • Version: 3.0

E-learning (Self-study) Price

DKR11,995.00

Excl. VAT

Delivery methods

The course is available in the following formats:

  • Company course

    A closed company course

  • E-learning (Self-study)

    Online courses that you can take at any time

  • Open course

    Traditional classroom training

  • Open course (Virtual)

    Live classroom training that you attend virtually

Description

EC-Council's Certified Incident Handler program equips students with the knowledge, skills, and abilities to effectively prepare for, deal with, and eradicate threats and threat actors in an incident.

This program provides the entire process of incident handling and response and hands-on labs that teach the tactical procedures and techniques required to effectively plan, record, triage, notify, and contain incidents. Students will learn the handling of various types of incidents, risk assessment methodologies, as well as laws and policies related to incident handling.

After attending the course, students will be able to create IH&R policies and deal with different types of security incidents such as malware, email security, network security, web application security, cloud security, and insider threat-related incidents.

The E|CIH (EC-Council Certified Incident Handler) also covers post-incident activities such as containment, eradication, evidence gathering, and forensic analysis, leading to prosecution or countermeasures to ensure the incident is not repeated.

The E|CIH is a method-driven course that provides a holistic approach covering concepts related to organizational IH&R, from preparing and planning the incident handling response process to recovering organizational assets from the impact of security incidents. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.

With over 95 advanced labs, 800 tools covered, and exposure to incident handling activities on many different operating systems, E|CIH provides a well-rounded and tactical approach to planning for and dealing with cyber incidents.

The E|CIH program addresses all stages involved in the IH&R process, and this attention toward a realistic and futuristic approach makes E|CIH one of the most comprehensive IH&R-related certifications in the market today.

Updated 12/5/2026

e-Learning

Our e-learning products are designed to give you access to our training resources anytime, anywhere. You get access to the materials and the opportunity to prepare for the exam.

Target audience

- Mid-level to high-level cybersecurity professionals with a minimum of 3 years of experience

- Individuals from the information security profession who want to enrich their skills and knowledge in incident handling and response

- Individuals interested in preventing cyber threats

Course objectives

What You Will Learn from E|CIH

  • Key issues plaguing the information security world
  • Various types of cybersecurity threats, attack vectors, threat actors, and their motives, goals, and objectives
  • Various attack and defense frameworks (Cyber Kill Chain Methodology, MITRE ATT&CK Framework, etc.)
  • Fundamentals of information security concepts (vulnerability assessment, risk management, cyber threat intelligence, threat modeling, and threat hunting)
  • Fundamentals of incident management (information security incidents, signs and costs of an incident, incident handling and response, and incident response automation and orchestration)
  • Incident handling and response best practices, standards, cybersecurity frameworks, laws, acts, and regulations
  • Steps involved in planning an incident handling and response program (planning, recording and assignment, triage, notification, containment, evidence gathering and forensic analysis, eradication, recovery, and post-incident activities)
  • Importance of first response and first response procedures (evidence collection, documentation, preservation, packaging, and transportation)
  • Handling and responding to different types of cybersecurity incidents (malware, email security, network security, web application security, cloud security, insider threats, and endpoint security incidents)

Course content

MODULE 01: INTRODUCTION TO INCIDENT HANDLING AND RESPONSE

  • Information security threats and attack vectors
  • Attack and defense frameworks
  • Information security concepts
  • Information security incidents
  • Incident management process
  • Incident response automation and orchestration
  • Incident handling and response best practices
  • Standards related to incident handling and response
  • Cybersecurity frameworks
  • Incident handling laws and legal compliance

MODULE 02: INCIDENT HANDLING AND RESPONSE PROCESS

  • Incident handling and response (IH&R) process
  • Preparation for incident handling and response
  • Incident recording and assignment
  • Incident triage
  • Notification process
  • Containment process
  • Evidence gathering and forensic analysis
  • Eradication process
  • Recovery process
  • Post-incident activities
  • Information sharing activities

MODULE 03: FIRST RESPONSE

  • Concept of first response
  • Securing and documenting the crime scene
  • Collecting evidence at the crime scene
  • Preserving, packaging, and transporting evidence

MODULE 04: HANDLING AND RESPONDING TO MALWARE INCIDENTS

  • Malware incident handling
  • Preparation for malware incidents
  • Detection of malware incidents
  • Containment of malware incidents
  • Malware analysis
  • Eradication of malware incidents
  • Recovery after malware incidents
  • Malware incident case study
  • Best practices against malware incidents

MODULE 05: HANDLING AND RESPONDING TO EMAIL SECURITY INCIDENTS

  • Email security incidents
  • Preparation for email security incidents
  • Detection and containment of email security incidents
  • Analysis of email security incidents
  • Eradication of email security incidents
  • Recovery after email security incidents
  • Email security incident case study
  • Best practices against email security incidents

MODULE 06: HANDLING AND RESPONDING TO NETWORK SECURITY INCIDENTS

  • Network security incident handling
  • Preparation for network security incidents
  • Detection and validation of network security incidents
  • Unauthorized access incidents
  • Inappropriate usage incidents
  • Denial-of-service incidents
  • Wireless network security incidents
  • Network security incident case study
  • Best practices against network security incidents

MODULE 07: HANDLING AND RESPONDING TO WEB APPLICATION SECURITY INCIDENTS

  • Web application incident handling
  • Preparation for web application security incidents
  • Detection and containment of web application security incidents
  • Analysis of web application security incidents
  • Eradication of web application security incidents
  • Recovery after web application security incidents
  • Web application incident case study
  • Best practices for securing web applications

MODULE 08: HANDLING AND RESPONDING TO CLOUD SECURITY INCIDENTS

  • Cloud security incident handling
  • Steps involved in handling cloud security incidents
  • Azure security incident handling
  • AWS security incident handling
  • Google Cloud security incident handling
  • Cloud security incident case study
  • Best practices against cloud security incidents

MODULE 09: HANDLING AND RESPONDING TO INSIDER THREATS

  • Insider threat handling
  • Preparation for insider threats
  • Detection and containment of insider threats
  • Analysis of insider threats
  • Eradication of insider threats
  • Recovery after insider attacks
  • Insider threat case study
  • Best practices against insider threats

MODULE 10: HANDLING AND RESPONDING TO ENDPOINT SECURITY INCIDENTS

  • Endpoint security incident handling
  • Mobile-based security incidents
  • IoT-based security incidents
  • OT-based security incidents
  • Endpoint security incident case study

Prerequisites

Attendees should meet the following prerequisites:

  • It is recommended that you have at least 1 year of experience in the cybersecurity domain in order to maximize course outcomes.

Certification exam

Recommended as preparation for the following exam:

  • 212-89 - EC-Council Certified Incident Handler

Examination

  • Exam Availability: ECC Exam Portal
  • Number of Questions: 100
  • Duration: 3 Hours
  • Test Format: Multiple Choice