EC-Council’s Certified Incident Handler program gives students the knowledge, skills, and abilities required to predict, address, and eradicate threats and threat actors during an incident. This ANAB-accredited and US DoD 8140-approved program covers the complete incident handling and response process, with hands-on labs that teach the tactical processes and techniques required to plan, record, triage, notify, and contain. Students learn how to manage various types of events, risk assessment approaches, and incident handling regulations and procedures. After completing the course, students will be able to create IH&R policies and handle a wide range of security issues, including malware, email, network, web application, cloud, and insider threats.
What will you learn
- Key issues facing the information security community
- Various forms of cybersecurity threats, attack vectors, threat actors, and their motives, goals, and objectives for cybersecurity attacks
- Various attack and defense frameworks (such as the Cyber Kill Chain Methodology and the MITRE ATT&CK Framework)
- Fundamentals of information security concepts: vulnerability assessment, risk management, cyber threat intelligence, threat modeling, and threat hunting
- Fundamentals of incident management (information security incidents, indicators and costs of an event, incident handling and response, and incident response automation and orchestration)
- Various incident management and response best practices, standards, cybersecurity frameworks, laws, acts, and regulations
- Various steps involved in planning an incident handling and response program (planning, recording and assignment, triage, notification, containment, evidence gathering and forensic investigation, eradication, recovery, and post-incident activities)
- Importance of first response and its protocol (evidence collection, documentation, preservation, packaging, and transportation)
- How to handle and respond to various types of cybersecurity incidents in a methodical manner (malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, insider threat-related incidents, and endpoint security incidents)
Exam Details
Number of Questions: 100
Exam Duration: 3 Hours
Exam Title: EC-Council Certified Incident Handler
Availability: EC-Council Exam Portal
Exam Format: Multiple Choice
Curriculum
- 10 Sections
- 81 Lessons
- 30 Days
- Module 01: Introduction to Incident Handling and Response (10 lessons)
  - 1.1 Understand Information Security Threats and Attack Vectors
  - 1.2 Explain Various Attack and Defense Frameworks
  - 1.3 Understand Information Security Concepts
  - 1.4 Understand Information Security Incidents
  - 1.5 Understand the Incident Management Process
  - 1.6 Understand Incident Response Automation and Orchestration
  - 1.7 Describe Various Incident Handling and Response Best Practices
  - 1.8 Explain Various Standards Related to Incident Handling and Response
  - 1.9 Explain Various Cybersecurity Frameworks
  - 1.10 Understand Incident Handling Laws and Legal Compliance
- Module 02: Incident Handling and Response Process (11 lessons)
  - 2.1 Understand the Incident Handling and Response (IH&R) Process
  - 2.2 Explain Preparation Steps for Incident Handling and Response
  - 2.3 Understand Incident Recording and Assignment
  - 2.4 Understand Incident Triage
  - 2.5 Explain the Process of Notification
  - 2.6 Understand the Process of Containment
  - 2.7 Describe Evidence Gathering and Forensic Analysis
  - 2.8 Explain the Process of Eradication
  - 2.9 Understand the Process of Recovery
  - 2.10 Describe Various Post-Incident Activities
  - 2.11 Explain the Importance of Information Sharing Activities
- Module 03: First Response (4 lessons)
- Module 04: Handling and Responding to Malware Incidents (9 lessons)
  - 4.1 Understand the Handling of Malware Incidents
  - 4.2 Explain Preparation for Handling Malware Incidents
  - 4.3 Understand Detection of Malware Incidents
  - 4.4 Explain Containment of Malware Incidents
  - 4.5 Describe How to Perform Malware Analysis
  - 4.6 Understand Eradication of Malware Incidents
  - 4.7 Explain Recovery after Malware Incidents
  - 4.8 Understand the Handling of Malware Incidents - Case Study
  - 4.9 Describe Best Practices against Malware Incidents
- Module 05: Handling and Responding to Email Security Incidents (10 lessons)
  - 5.1 Understand the Handling of Network Security Incidents
  - 5.2 Prepare to Handle Network Security Incidents
  - 5.3 Explain Eradication of Email Security Incidents
  - 5.4 Understand Detection and Validation of Network Security Incidents
  - 5.5 Understand the Handling of Unauthorized Access Incidents
  - 5.6 Understand the Handling of Inappropriate Usage Incidents
  - 5.7 Understand the Handling of Denial-of-Service Incidents
  - 5.8 Understand the Handling of Wireless Network Security Incidents
  - 5.9 Understand the Handling of Network Security Incidents - Case Study
  - 5.10 Describe Best Practices against Network Security Incidents
- Module 06: Handling and Responding to Network Security Incidents (9 lessons)
  - 6.1 Understand the Handling of Network Security Incidents
  - 6.2 Prepare to Handle Network Security Incidents
  - 6.3 Understand Detection and Validation of Network Security Incidents
  - 6.4 Understand the Handling of Unauthorized Access Incidents
  - 6.5 Understand the Handling of Denial-of-Service Incidents
  - 6.6 Understand the Handling of Wireless Network Security Incidents
  - 6.7 Understand the Handling of Network Security Incidents - Case Study
  - 6.8 Describe Best Practices against Network Security Incidents
  - 6.9 Understand the Handling of Inappropriate Access Incidents
- Module 07: Handling and Responding to Web Application Security Incidents (8 lessons)
  - 7.1 Understand the Handling of Web Application Incidents
  - 7.2 Explain Preparation for Handling Web Application Security Incidents
  - 7.3 Understand Detection and Containment of Web Application Security Incidents
  - 7.4 Explain Analysis of Web Application Security Incidents
  - 7.5 Understand Eradication of Web Application Security Incidents
  - 7.6 Explain Recovery after Web Application Security Incidents
  - 7.7 Understand the Handling of Web Application Security Incidents - Case Study
  - 7.8 Describe Best Practices for Securing Web Applications
- Module 08: Handling and Responding to Cloud Security Incidents (7 lessons)
  - 8.1 Understand the Handling of Cloud Security Incidents
  - 8.2 Explain Various Steps Involved in Handling Cloud Service Incidents
  - 8.3 Understand How to Handle Azure Security Incidents
  - 8.4 Understand How to Handle AWS Security Incidents
  - 8.5 Understand How to Handle Google Cloud Security Incidents
  - 8.6 Understand the Handling of Cloud Security Incidents - Case Study
  - 8.7 Explain Best Practices against Cloud Security Incidents
- Module 09: Handling and Responding to Insider Threats (8 lessons)
  - 9.1 Understand the Handling of Insider Threats
  - 9.2 Explain Preparation Steps for Handling Insider Threats
  - 9.3 Understand Detection and Containment of Insider Threats
  - 9.4 Explain Analysis of Insider Threats
  - 9.5 Understand Eradication of Insider Threats
  - 9.6 Understand the Process of Recovery after Insider Attacks
  - 9.7 Understand the Handling of Insider Threats - Case Study
  - 9.8 Describe Best Practices against Insider Threats
- Module 10: Handling and Responding to Endpoint Security Incidents (5 lessons)
  - 10.1 Understand the Handling of Endpoint Security Incidents
  - 10.2 Explain the Handling of Mobile-based Security Incidents
  - 10.3 Explain the Handling of IoT-based Security Incidents
  - 10.4 Explain the Handling of OT-based Security Incidents
  - 10.5 Understand the Handling of Endpoint Security Incidents - Case Study