Focuses on a structured approach to performing the incident handling and response (IH&R) process.
Certificate Exam Details
EC-Council’s Certified Incident Handler provides students with a method-driven program that takes a holistic approach to cover a wide range of concepts in organizational incident handling and response, from preparing and planning the incident handling and response process to recovering organizational assets after a security incident. The skills taught in EC-Council’s ECIH program are sought after by cybersecurity professionals from around the world and are respected by employers. ECIH is a specialist-level program that caters to mid-level to high-level cybersecurity professionals.
The IH&R process includes stages like incident handling and response preparation, incident validation and prioritization, incident escalation and notification, forensic evidence gathering and analysis, incident containment, systems recovery, and incident eradication. This systematic incident handling and response process makes incident responders aware of how to respond to various types of security incidents.
- Risk Assessment: The graduate applies NIST’s risk assessment methodology to conduct IT risk assessment.
- Incident Response and Handling Steps: The graduate describes steps in incident response and handling procedures.
- CSIRT: The graduate defines the purpose, protocol, and functions of a Computer Security Incident Response Team (CSIRT).
- Handling Network Security Incidents: The graduate describes security incident types and procedures for handling them.
- Handling Insider Threats: The graduate describes steps in detecting and preventing insider threats.
- Forensic Analysis and Incident Response: The graduate describes the role of forensic analysis in an incident response and prevention plan.
- Incident Reporting: The graduate describes the purpose, key elements, and procedure for creating an incident report.
- Security Policies and Laws: The graduate distinguishes the purpose and elements of a security policy in order to comply with the laws and regulations related to handling a security incident.
- Incident Recovery and Continuity Planning: The graduate describes the principles of incident recovery and continuity planning in order to evaluate business impact.