EC-Council Certified Incident Handler (ECIH)

- Training
- Course Outline
- Careers
- Exam
Training is available online or live with an instructor, giving learners the flexibility to choose the format that fits their schedule and learning style.
Training Hours
40 hours (Instructor-led)
Skills Gained With ECIH
Incident detection, response, and recovery techniques
Threat and malware analysis
Digital forensics and evidence handling
Security operations and monitoring
Risk assessment and mitigation strategies
Development of incident response plans
Module 01: Introduction to Incident Handling and Response
Provides foundational knowledge on incident handling and response, including what constitutes a security incident, types of threats and attacks, incident terminologies, and the importance of formal incident response processes in organisational security.
Module 02: Incident Handling and Response Process
Covers the complete incident handling and response lifecycle, including preparation, recording and assignment, triage and prioritisation, notification, containment, evidence gathering and forensic analysis, eradication, recovery, and post-incident activities.
Module 03: Forensic Readiness and First Response
Teaches how to prepare for incidents from a forensic perspective, including establishing forensic readiness, securing and documenting the scene, collecting and preserving evidence, and ensuring proper chain of custody for later analysis and legal proceedings.
Module 04: Handling and Responding to Malware Incidents
Explains how to recognise, analyse, and handle malware-related incidents, from detection and containment through eradication and system recovery, including practical techniques for analysing malware behaviour.
Module 05: Handling and Responding to Email Security Incidents
Focuses on detecting, analysing, and responding to email-based threats such as phishing, spoofing, malware attachments, and compromised accounts. This module also covers containment and remediation best practices.
Module 06: Handling and Responding to Network Security Incidents
Guides learners on responding to network-focused threats including intrusion attempts, denial of service, unauthorised access, and lateral movement within a network, covering detection, containment, and mitigation strategies.
Module 07: Handling and Responding to Web Application Security Incidents
Explores techniques for identifying and mitigating security incidents involving web applications, such as injection attacks, cross-site scripting, misconfigurations, and exploitation of web-facing services.
Module 08: Handling and Responding to Cloud Security Incidents
Covers incident handling principles specific to cloud environments, including detecting account compromise, data breach response, misconfigured services, and coordinating with cloud service provider tools and logging for investigation and response.
Module 09: Handling and Responding to Insider Threats
Describes how to identify, analyse, and respond to threats originating from within an organisation, such as negligent or malicious insider activity, including monitoring, investigation methods, and containment strategies.
Lead and support responses to security breaches, including containment, eradication, and recovery.
SOC Analyst (Tier 1 / Tier 2)
Monitor alerts, triage incidents, and escalate complex security events.
Cybersecurity Analyst
Identify threats, analyze security events, and implement preventive measures.
Security Operations Specialist
Maintain security tools and assist in operational security activities.
IT Security Consultant
Advise organizations on incident management, risk mitigation, and security best practices.
Red Team / Blue Team Analyst
Participate in proactive and reactive security measures to strengthen organizational defenses.
Format
Multiple choice
Questions
100
Duration
4 hours
Delivery
Online via the ECC exam portal
Passing score
70% or higher