Certified Incident Handler (ECIH)
Seminarinformationen
Seminar - Ziel
This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe.
It is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.
Following a rigorous development which included a careful Job Task Analysis (JTA) related to incident handling and incident first responder jobs, EC-Council developed a highly interactive, comprehensive, standards-based, intensive 3-day training program and certification that provides a structured approach to learning real-world incident handling and response requirements.
Teilnehmer - Zielgruppe
The incident handling skills taught in E|CIH are complementary to the job roles below as well as many other cybersecurity jobs:
- Penetration Testers
- Vulnerability Assessment Auditors
- Risk Assessment Administrators
- Network Administrators
- Application Security Engineers
- Cyber Forensic Investigators/ Analyst and SOC Analyst
- System Administrators/Engineers
- Firewall Administrators and Network Managers/IT Managers
Kurs - Voraussetzungen
- Administration of Windows/Unix/Linux systems (at least 1 year of experience) or comparable knowledge
- Network and security basic knowledge
Seminardauer
- 3 Tage
- 09:00 Uhr bis 17:00 Uhr
Schulungsunterlagen
Seminar-Inhalt / Agenda
Module 01: Introduction to Incident Handling and Response
- Overview of Information Security Concepts
- Understanding Information Security Threats and Attack Vectors
- Understanding Information Security Incident
- Overview of Incident Management
- Overview of Vulnerability Management
- Overview of Threat Assessment
- Understanding Risk Management
- Understanding Incident Response Automation and Orchestration
- Incident Handling and Response Best Practices
- Overview of Standards
- Overview of Cybersecurity Frameworks
- Importance of Laws in Incident Handling
- Incident Handling and Legal Compliance
Module 02: Incident Handling and Response Process
- Overview of Incident Handling and Response (IH&R) Process
- Step 1: Preparation for Incident Handling and Response
- Step 2: Incident Recording and Assignment
- Step 3: Incident Triage
- Step 4: Notification
- Step 5: Containment
- Step 6: Evidence Gathering and Forensics Analysis
- Step 7: Eradication
- Step 8: Recovery
- Step 9: Post-Incident Activities
Module 03: Forensic Readiness and First Response
- Introduction to Computer Forensics
- Overview of Forensic Readiness
- Overview of First Response
- Overview of Digital Evidence
- Understanding the Principles of Digital Evidence Collection
- Collecting the Evidence
- Securing the Evidence
- Overview of Data Acquisition
- Understanding the Volatile Evidence Collection
- Understanding the Static Evidence Collection
- Performing Evidence Analysis
- Overview of Anti-Forensics
Module 04: Handling and Responding to Malware Incidents
- Overview of Malware Incident Response
- Preparation for Handling Malware Incidents
- Detecting Malware Incidents
- Containment of Malware Incidents
- Eradication of Malware Incidents
- Recovery after Malware Incidents
- Guidelines for Preventing Malware Incidents
Module 05: Handling and Responding to Email Security Incidents
- Overview of Email Security Incidents
- Preparation for Handling Email Security Incidents
- Detection and Containment of Email Security Incidents ▪ Indications of Email Attack ▪ Indications
- of Identity Theft
- Eradication of Email Security Incidents
- Recovery after Email Security Incidents
Module 06: Handling and Responding to Network Security Incidents
- Overview of Network Security Incidents
- Preparation for Handling Network Security Incidents
- Detection and Validation of Network Security Incidents
- Handling Unauthorized Access Incidents
- Handling Inappropriate Usage Incidents
- Handling Denial-of-Service Incidents
- Handling Wireless Network Security Incidents
Module 07: Handling and Responding to Web Application Security Incidents
- Overview of Web Application Incident Handling
- Web Application Security Threats and Attacks
- Preparation to Handle Web Application Security Incidents
- Detecting and Analyzing Web Application Security Incidents
- Containment of Web Application Security Incidents
- Eradication of Web Application Security Incidents
- Recovery from Web Application Security Incidents
- Best Practices for Securing Web Applications
Module 08: Handling and Responding to Cloud Security Incidents
- Cloud Computing Concepts
- Overview of Handling Cloud Security Incidents
- Cloud Security Threats and Attacks
- Preparation for Handling Cloud Security Incidents
- Detecting and Analyzing Cloud Security Incidents
- Containment of Cloud Security Incidents
- Eradication of Cloud Security Incidents
- Recovering from Cloud Security Incidents
- Best Practices Against Cloud-based Incidents
Module 09: Handling and Responding to Insider Threats
- Introduction to Insider Threats
- Preparation for Handling Insider Threats
- Detecting and Analyzing Insider Threats
- Containment of Insider Threats
- Eradication of Insider Threats
- Recovery after Insider Attacks
- Best Practices Against Insider Threats
Weitere Schulungen zu Thema EC-Council
- u.a. in Nürnberg, Berlin, Stuttgart, München, KölnCertified Network Defender (CND) is a vendor-neutral, hands-on, instructor-led comprehensive network security certification training program. It is a skills-based, lab intensive program based on the security education framework and work role task analysis presented by the ...
- u.a. in Nürnberg, Berlin, Stuttgart, München, KölnThe Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on ...
- u.a. in Bremen, Koblenz, Virtual Classroom, Offenbach, FreiburgEC-Council’s Certified Penetration Tester (CPENT) program is all about the pen test and will teach you to perform in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live ...
- u.a. in Berlin, Frankfurt am Main, Hannover, Essen, FreiburgThe CSCU training program aims at equipping the students with the necessary knowledge and skills to protect their information assets. The program is designed to interactively teach the students about the whole gamut of information security threats they face ranging from ...