EC-Council Certified Incident Handler (ECIH)

The EC-Council Certified Incident Handler (ECIH) is a specialist-level certification designed to equip cybersecurity professionals with the skills to effectively prepare for, detect, respond to, and recover from cybersecurity incidents. The program takes a method-driven, holistic approach to incident handling and response, covering the entire lifecycle from planning and triage to containment, eradication, and post-incident analysis. With over 95 labs and exposure to multiple operating systems, ECIH offers a practical, hands-on learning experience.

Who It’s For:
This course is ideal for incident response team members, SOC analysts, cybersecurity professionals, system administrators, and federal employees responsible for managing or responding to security incidents. It is also suitable for those seeking to specialize in incident handling and digital forensics.

What You’ll Learn:
Participants will gain knowledge of threat actors, attack vectors, and incident response frameworks such as the Cyber Kill Chain and MITRE ATT&CK. The course also covers vulnerability and risk management, threat intelligence, and forensic readiness.

Course Outline:

Introduction to Incident Handling and Response
Incident Handling and Response Process
First Response
Handling and Responding to Malware Incidents
Handling and Responding to Email Security Incidents
Handling and Responding to Network Security Incidents
Handling and Responding to Web Application Security Incidents
Handling and Responding to Cloud Security Incidents
Handling and Responding to Insider Threats
Handling and Responding to Endpoint Security Incidents

Why It’s Valuable for Federal Employees and Contractors:
ECIH aligns with the NICE Cybersecurity Workforce Framework and supports federal cybersecurity readiness by providing structured, standards-based training in incident response. It helps federal professionals minimize the impact of breaches, ensure compliance with security policies, and maintain operational continuity in the face of cyber threats.

Delivery Formats:
The ECIH program is available in multiple formats: In-Person Training, Online Self-Paced, and Online Instructor-Led.

Course Overview

Overall Proficiency Level

2 - Intermediate

Course Prerequisites

none

Training Purpose

Skill Development

Specific Audience

All

Delivery Method

Online, Instructor-Led

Online, Self-Paced

Online, Instructor-Led
Online, Self-Paced

Learning Objectives

Understand the fundamentals of incident handling and response
Develop and implement incident response policies and procedures
Detect and analyze various types of cybersecurity incidents
Handle malware, email, network, and web application incidents
Respond to cloud and endpoint security incidents
Investigate insider threats and data breaches
Coordinate with CSIRT and other response teams
Apply forensic readiness and evidence handling techniques
Document incidents and conduct post-incident analysis
Improve organizational resilience through proactive response planning

Framework Connections

Protection and Defense

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Work Roles

Incident Response

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date: June 6, 2025