Certified Incident Handler (ECIH)

Seminarinformationen

Seminar - Ziel

This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe.

It is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.

Following a rigorous development which included a careful Job Task Analysis (JTA) related to incident handling and incident first responder jobs, EC-Council developed a highly interactive, comprehensive, standards-based, intensive 3-day training program and certification that provides a structured approach to learning real-world incident handling and response requirements.

Teilnehmer - Zielgruppe

The incident handling skills taught in E|CIH are complementary to the job roles below as well as many other cybersecurity jobs:

• Penetration Testers
• Vulnerability Assessment Auditors
• Risk Assessment Administrators
• Network Administrators
• Application Security Engineers
• Cyber Forensic Investigators/ Analyst and SOC Analyst
• System Administrators/Engineers
• Firewall Administrators and Network Managers/IT Managers

Kurs - Voraussetzungen

• Administration of Windows/Unix/Linux systems (at least 1 year of experience) or comparable knowledge
• Network and security basic knowledge

Seminardauer

• 3 Tage
• 09:00 Uhr bis 17:00 Uhr

Schulungsunterlagen

• nach Absprache

Seminar-Inhalt / Agenda

Module 01: Introduction to Incident Handling and Response

• Overview of Information Security Concepts
• Understanding Information Security Threats and Attack Vectors
• Understanding Information Security Incident
• Overview of Incident Management
• Overview of Vulnerability Management
• Overview of Threat Assessment
• Understanding Risk Management
• Understanding Incident Response Automation and Orchestration
• Incident Handling and Response Best Practices
• Overview of Standards
• Overview of Cybersecurity Frameworks
• Importance of Laws in Incident Handling
• Incident Handling and Legal Compliance

Module 02: Incident Handling and Response Process

• Overview of Incident Handling and Response (IH&R) Process
• Step 1: Preparation for Incident Handling and Response
• Step 2: Incident Recording and Assignment
• Step 3: Incident Triage
• Step 4: Notification
• Step 5: Containment
• Step 6: Evidence Gathering and Forensics Analysis
• Step 7: Eradication
• Step 8: Recovery
• Step 9: Post-Incident Activities

Module 03: Forensic Readiness and First Response

• Introduction to Computer Forensics
• Overview of Forensic Readiness
• Overview of First Response
• Overview of Digital Evidence
• Understanding the Principles of Digital Evidence Collection
• Collecting the Evidence
• Securing the Evidence
• Overview of Data Acquisition
• Understanding the Volatile Evidence Collection
• Understanding the Static Evidence Collection
• Performing Evidence Analysis
• Overview of Anti-Forensics

Module 04: Handling and Responding to Malware Incidents

• Overview of Malware Incident Response
• Preparation for Handling Malware Incidents
• Detecting Malware Incidents
• Containment of Malware Incidents
• Eradication of Malware Incidents
• Recovery after Malware Incidents
• Guidelines for Preventing Malware Incidents

Module 05: Handling and Responding to Email Security Incidents

• Overview of Email Security Incidents
• Preparation for Handling Email Security Incidents
• Detection and Containment of Email Security Incidents ▪ Indications of Email Attack ▪ Indications
• of Identity Theft
• Eradication of Email Security Incidents
• Recovery after Email Security Incidents

Module 06: Handling and Responding to Network Security Incidents

• Overview of Network Security Incidents
• Preparation for Handling Network Security Incidents
• Detection and Validation of Network Security Incidents
• Handling Unauthorized Access Incidents
• Handling Inappropriate Usage Incidents
• Handling Denial-of-Service Incidents
• Handling Wireless Network Security Incidents

Module 07: Handling and Responding to Web Application Security Incidents

• Overview of Web Application Incident Handling
• Web Application Security Threats and Attacks
• Preparation to Handle Web Application Security Incidents
• Detecting and Analyzing Web Application Security Incidents
• Containment of Web Application Security Incidents
• Eradication of Web Application Security Incidents
• Recovery from Web Application Security Incidents
• Best Practices for Securing Web Applications

Module 08: Handling and Responding to Cloud Security Incidents

• Cloud Computing Concepts
• Overview of Handling Cloud Security Incidents
• Cloud Security Threats and Attacks
• Preparation for Handling Cloud Security Incidents
• Detecting and Analyzing Cloud Security Incidents
• Containment of Cloud Security Incidents
• Eradication of Cloud Security Incidents
• Recovering from Cloud Security Incidents
• Best Practices Against Cloud-based Incidents

Module 09: Handling and Responding to Insider Threats

• Introduction to Insider Threats
• Preparation for Handling Insider Threats
• Detecting and Analyzing Insider Threats
• Containment of Insider Threats
• Eradication of Insider Threats
• Recovery after Insider Attacks
• Best Practices Against Insider Threats

Weitere Schulungen zu Thema EC-Council