EC-Council Certified Incident Handler (ECIH)

The EC-Council Certified Incident Handler (ECIH) is a specialist-level certification designed to equip cybersecurity professionals with the skills to effectively prepare for, detect, respond to, and recover from cybersecurity incidents. The program takes a method-driven, holistic approach to incident handling and response, covering the entire lifecycle from planning and triage to containment, eradication, and post-incident analysis. With over 95 labs and exposure to multiple operating systems, ECIH offers a practical, hands-on learning experience.

Who It’s For:
This course is ideal for incident response team members, SOC analysts, cybersecurity professionals, system administrators, and federal employees responsible for managing or responding to security incidents. It is also suitable for those seeking to specialize in incident handling and digital forensics.

What You’ll Learn:
Participants will gain knowledge of threat actors, attack vectors, and incident response frameworks such as the Cyber Kill Chain and MITRE ATT&CK. The course also covers vulnerability and risk management, threat intelligence, and forensic readiness.

Course Outline:

Introduction to Incident Handling and Response
Incident Handling and Response Process
First Response
Handling and Responding to Malware Incidents
Handling and Responding to Email Security Incidents
Handling and Responding to Network Security Incidents
Handling and Responding to Web Application Security Incidents
Handling and Responding to Cloud Security Incidents
Handling and Responding to Insider Threats
Handling and Responding to Endpoint Security Incidents

Why It’s Valuable for Federal Employees and Contractors:
ECIH aligns with the NICE Cybersecurity Workforce Framework and supports federal cybersecurity readiness by providing structured, standards-based training in incident response. It helps federal professionals minimize the impact of breaches, ensure compliance with security policies, and maintain operational continuity in the face of cyber threats.

Delivery Formats:
The ECIH program is available in multiple formats: In-Person Training, Online Self-Paced, and Online Instructor-Led.

Course Overview

Overall Proficiency Level
2 - Intermediate
Course Prerequisites

none

Training Purpose
Skill Development
Specific Audience
All
Delivery Method
Online, Instructor-Led
Online, Self-Paced

Learning Objectives

Understand the fundamentals of incident handling and response
Develop and implement incident response policies and procedures
Detect and analyze various types of cybersecurity incidents
Handle malware, email, network, and web application incidents
Respond to cloud and endpoint security incidents
Investigate insider threats and data breaches
Coordinate with CSIRT and other response teams
Apply forensic readiness and evidence handling techniques
Document incidents and conduct post-incident analysis
Improve organizational resilience through proactive response planning

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Work Roles

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.
