Tools Covered in this Course
Course Details
Overview:
This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe. It is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post-breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.
The EC-Council Certified Incident Handler (ECIH) program is designed to provide the fundamental skills to handle and respond to computer security incidents in an information system while preparing you to pass the ECIH exam. The course provides incident response training by addressing various underlying principles and techniques for detecting and responding to current and emerging computer security threats. After attending the course, you will be able to create incident handling and response policies and deal with various types of computer security incidents.
E|CIH is a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.
Who Is It For?
This course and exam are designed to meet the needs of IT professionals who wish to gain industry-wide recognition within a wide range of roles in the industry. These include incident-handler, risk administrator, penetration tester, forensic investigator, venerability assessment auditor, system administrator, system engineer, firewall administrator, network manager, and IT manager.
Why Should I Enroll?
Achieving
ECIH certification will impress potential employers by formalizing your
skillset when it comes to handling common security issues such as network
security incidents, malicious code incidents, and insider attack threats.
There
is a strong emphasis on practical learning throughout the training, making it
easy to apply the course content to the real-life scenarios you will be
required to efficiently respond to in the course of your day-to-day job. This
hands-on approach is further enhanced with the inclusion of EC-Council’s iLabs,
with its 100% automated cloud-based cyber range.
Studying
online is the ideal solution for busy IT professionals who need to fit their
continuing career development around their other commitments. On signing up,
you are given a full 12 months to complete the training, which includes the
exam. Furthermore, the content is compatible with Windows, Mac, iPhone, iPad,
and Android, meaning you can study at your convenience, wherever you have an
internet connection.
Learning Objectives of E|CIH Program:
- Understand the key issues plaguing the information security world
- Learn to combat different types of cybersecurity threats, attack vectors, threat actors, and their motives
- Learn the fundamentals of incident management including the signs and costs of an incident
- Understand the fundamentals of vulnerability management, threat assessment, risk management, and incident response automation and orchestration
- Master all incident handling and response best practices, standards, cybersecurity frameworks, laws, acts, and regulations
- Decode the various steps involved in planning an incident handling and response program
- Gain an understanding of the fundamentals of computer forensics and forensic readiness
- Comprehend the importance of the first response procedure including evidence collection, packaging, transportation, storing, data acquisition, volatile and static evidence collection, and evidence analysis
- Understand anti-forensics techniques used by attackers to find cybersecurity incident cover-ups
- Apply the right techniques to different types of cybersecurity incidents in a systematic manner including malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, and insider threat-related incidents.
Prerequisites:
No qualifications are needed to embark on the course; however, it is assumed that you are already working in the field of computer security or have the necessary technical skills to do so.
Secure your future as a successful computer security professional today by signing up to Certified Incident Handler (ECIH).
Course Outline:
Module 01: Incident Handling and Response Process
- Overview of Information Security Concepts
- Understanding Information Security Threats and Attack Vectors
- Understanding Information Security Incident
- Overview of Incident Management
- Overview of Vulnerability Management
- Overview of Threat Assessment
- Understanding Risk Management
- Understanding Incident Response Automation and Orchestration
- Incident Handling and Response Best Practices
- Overview of Standards
- Overview of Cybersecurity Frameworks
- Importance of Laws in Incident Handling
- Incident Handling and Legal Compliance
Module 02: Incident Handling and Response Process
- Overview of Incident Handling and Response (IH&R) Process
- Step 1: Preparation for Incident Handling and Response
- Step 2: Incident Recording and Assignment
- Step 3: Incident Triage
- Step 4: Notification
- Step 5: Containment
- Step 6: Evidence Gathering and Forensics Analysis
- Step 7: Eradication
- Step 8: Recovery
- Step 9: Post-Incident Activities
Module 03: Forensic Readiness and First Response
- Introduction to Computer Forensics
- Overview of Forensic Readiness
- Overview of First Response
- Overview of Digital Evidence
- Understanding the Principles of Digital Evidence Collection
- Collecting the Evidence
- Securing the Evidence
- Overview of Data Acquisition
- Understanding the Volatile Evidence Collection
- Understanding the Static Evidence Collection
- Performing Evidence Analysis
- Overview of Anti-Forensics
Module 04: Handling and Responding to Malware Incidents
- Overview of Malware Incident Response
- Preparation for Handling Malware Incidents
- Detecting Malware Incidents
- Containment of Malware Incidents
- Eradication of Malware Incidents
- Recovery after Malware Incidents
- Guidelines for Preventing Malware Incidents
Module 05: Handling and Responding to Email Security Incidents
- Overview of Email Security Incidents
- Preparation for Handling Email Security Incidents
- Detection and Containment of Email Security Incidents
- Eradication of Email Security Incidents
- Recovery after Email Security Incidents
Module 06: Handling and Responding to Network Security Incidents
- Overview of Network Security Incidents
- Preparation for Handling Network Security Incidents
- Detection and Validation of Network Security Incidents
- Handling Unauthorized Access Incidents
- Handling Inappropriate Usage Incidents
- Handling Denial-of-Service Incidents
- Handling Wireless Network Security Incidents
Module 07: Handling and Responding to Web Application Security Incidents
- Overview of Web Application Incident Handling
- Web Application Security Threats and Attacks
- Preparation to Handle Web Application Security Incidents
- Detecting and Analyzing Web Application Security Incidents
- Containment of Web Application Security Incidents
- Eradication of Web Application Security Incidents
- Recovery from Web Application Security Incidents
- Best Practices for Securing Web Applications
Module 08: Handling and Responding to Cloud Security Incidents
- Cloud Computing Concepts
- Overview of Handling Cloud Security Incidents
- Cloud Security Threats and Attacks
- Preparation for Handling Cloud Security Incidents
- Detecting and Analyzing Cloud Security Incidents
- Containment of Cloud Security Incidents
- Eradication of Cloud Security Incidents
- Recovering from Cloud Security Incidents
- Best Practices Against Cloud-based Incidents
Module 09: Handling and Responding to Insider Threats
- Introduction to Insider Threats
- Preparation for Handling Insider Threats
- Detecting and Analyzing Insider Threats
- Containment of Insider Threats
- Eradication of Insider Threats
- Recovery after Insider Attacks
- Best Practices Against Insider Threats
