EC-Council Certified Incident Handler (E|CIH)

Course Overview

The EC-Council Certified Incident Handler (ECIH) course provides individuals with the knowledge and skills necessary to effectively handle and respond to cybersecurity incidents. The course covers incident handling methodologies, strategies, and best practices, enabling participants to mitigate the impact of incidents and safeguard organizational assets. Here is an overview of the ECIH course:

Course Objectives:

  • Understand the key principles, concepts, and phases of incident handling and response.
  • Learn incident handling frameworks and methodologies to effectively respond to cybersecurity incidents.
  • Develop skills in identifying, classifying, and prioritizing incidents based on their severity and potential impact.
  • Acquire knowledge of different types of attacks, malware, and intrusion techniques used by adversaries.
  • Learn techniques for containment, eradication, and recovery from security incidents.
  • Understand the importance of evidence collection, preservation, and incident documentation for legal and post-incident analysis purposes.
  • Gain insights into incident reporting, communication, and coordination with relevant stakeholders during the incident response process.
  • Learn about proactive incident handling practices, including vulnerability management and threat intelligence.
Who Is It For Outline Requirements Exam

The incident handling skills taught in E|CIH are complementary to the job roles below as well as many other cybersecurity jobs:

  • Penetration Testers
  • Vulnerability Assessment Auditors
  • Risk Assessment Administrator
  • Network Administrators
  • Application Security Engineers
  • Cyber Forensic Investigators / Analyst and SOC Analyst
  • System Administrators /Engineers System Administrators / Engineers
  • Firewall Administrators and Network Managers/ IT Managers


  • Module 1: Introduction to Incident Handling and Response
  • Module 2: Incident Handling and Response Process
  • Module 3: Forensic Readiness and First Response
  • Module 4: Handling and Responding to Malware Incidents
  • Module 5: Handling and Responding to Email Security Incidents
  • Module 6: Handling and Responding to Network Security Incident
  • Module 7: Handling and Responding to Web Application Security Incidents
  • Module 8: Handling and Responding to Cloud Security Incident
  • Module 9: Handling and Responding to Insider Threats


  • Basic networking: Understanding TCP/IP protocols, IP addressing, subnetting, and common network protocols (such as HTTP, DNS, SMTP).
  •  Operating systems: Familiarity with popular operating systems like Windows and Linux, including file systems, user management, and command-line interfaces.
  • Security concepts: A basic understanding of cybersecurity principles, terminology, and common threats can help in comprehending the course material.
  • Experience with incident response or IT support: Having prior exposure to incident response procedures, IT support, or working in a related field can provide practical context and enhance the learning experience.

While these are recommended prerequisites, the ECIH course is designed to cater to participants with varying levels of experience and expertise. The course content covers incident handling and response methodologies comprehensively, ensuring that participants gain the necessary knowledge and skills to effectively handle and respond to security incidents.


Number of Questions : 100
Test Duration : 3 Hours
Test Format: Multiple Choice
Test Delivery : EC-Council Exam Portal


Unlock your potential with SysCare! Download our course brochures today and explore a world of knowledge and opportunities. Don’t miss out!.

At vero eos et accusamus et iusto odio digni goikussimos ducimus qui to bonfo blanditiis praese. Ntium voluum deleniti atque.

Melbourne, Australia
(Sat - Thursday)
(10am - 05 pm)