EC-Council | Certified Incident Handler (ECIH) program
Talk to a Career Counselor
Fill out the form and an expert EC-Council Training Consultant will contact you to help you get all your questions answered.
EC-Council’s Certified Incident Handler program equips students with the knowledge, skills, and abilities to effectively prepare for, deal with, and eradicate threats and threat actors in an incident.
This program provides the entire process of Incident Handling and Response and hands-on labs that teach the tactical procedures and techniques required to effectively Plan, Record, Triage, Notify and Contain.
ECIH also covers post incident activities such as Containment, Eradication, Evidence Gathering and Forensic Analysis, leading to prosecution or countermeasures to ensure the incident is not repeated.
With over 95 labs, 800 tools covered, and exposure to Incident Handling activities on four different operating systems, E|CIH provides a well-rounded, but tactical approach to planning for and dealing with cyber incidents.
Pricing Options
On
Demand
On Demand Instructor-led Training Videos
Official E-Courseware
Online CyberQ Labs
Certification Exam
Certificate of Completion
One Additional Certification Course Included
Live Instructor-led Training (in-person or online)
Online Exam Prep (CEH, CHFI, CND Only)
CodeRed Continuing Education Video Subscription
$1,399$806$388$1,069
*Financing Available (US Only)
Unlimited On Demand
(Club)
On Demand Instructor-led Training Videos
Official E-Courseware
Online CyberQ Labs
Certification Exam
Certificate of Completion
Unlimited Additional Certification Course Included
Live Instructor-led Training (in-person or online)*
Online Exam Prep (CEH, CHFI, CND Only)
CodeRed Continuing Education Video Subscription
$2,999$2,999$2,999$2,999
*Financing Available (US Only)
Live
On Demand Instructor-led Training Videos
Official E-Courseware
Online CyberQ Labs
Certification Exam
Certificate of Completion
One Additional Certification Course Included
Live Instructor-led Training (in-person or online)
Online Exam Prep (CEH, CHFI, CND Only)
CodeRed Continuing Education Video Subscription
$2,999$2,999$2,999$2,999
*Financing Available (US Only)
*Upgrade any course to live training for $499
About the Certified Incident Handle (ECIH) Course
Course Outline
- Introduction to Incident Handling and Response
- Incident Handling and Response Process
- First Response
- Handling and Responding to Malware Incidents
- Handling and Responding to Email Security Incidents
- Handling and Responding to Network Security Incidents
- Handling and Responding to Web Application Security Incidents
- Handling and Responding to Cloud Security Incidents
- Handling and Responding to Insider Threats
- Handling and Responding to Endpoint Security Incidents
EC-Council’s Certified Incident Handler provides students with a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. The skills taught in EC-Council’s ECIH program are desired by cybersecurity professionals from around the world and is respected by employers.
What you will learn:
- Key issues plaguing the information security world
- Various types of cyber security threats, attack vectors, threat actors, and their motives, goals, and objectives of cyber security attacks
- Various attack and defense frameworks (Cyber Kill Chain Methodology, MITRE ATT&CK Framework, etc.)
- Fundamentals of information security concepts (Vulnerability assessment, risk management, cyber threat intelligence, threat modeling, and threat hunting)
- Fundamentals of incident management (information security incidents, signs and costs of an incident, incident handling and response, and incident response automation and orchestration)
- Different incident handling and response best practices, standards, cyber security frameworks, laws, acts, and regulations
- Various steps involved in planning incident handling and response program (Planning, recording and assignment, triage, notification, containment, evidence gathering and forensic analysis, eradication, recovery, and post-incident activities)
- Importance of first response and first response procedure (Evidence collection, documentation, preservation, packaging, and transportation)
- How to handle and respond to different types of cyber security incidents in a systematic way (malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, insider threat-related incidents, and endpoint security incidents)
Meet Your Instructor
iLabs Demo
Passing Score
In order to maintain the high integrity of our certifications exams, EC-Council Exams are provided in multiple forms (I.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.
Exam Name: ECIH 212-89
Number of Questions: 100
Test Delivery: EC-Council Exam Portal
Test Format: Multiple Choice
Job Roles
- Incident Handler
- Incident Responder
- Incident Response
- Consultant/Associate/Analyst/Engineer/Specialist/Expert/Manager CSIRT Analyst/Engineer/Manager
- Information Security Associate/ Analyst/Engineer/Specialist/Manager
- Cyber Defense Security Consultant/Associate/Analyst
- IT Security Operations Center Analyst (SOC Analyst/Engineer)
- Cyber Forensic Investigator/Consultant/Analyst/Manager Digital Forensic Analyst
- Cyber Risk Vulnerability Analyst/Manager
- Cyber Intelligence Analyst and Cyber Security Threat Analyst/Specialist
- Cyber Security Incident Response Team Lead
- Penetration Tester
The average Incident Handler salary in the United States is $96,283 but the salary range typically falls between $85,694 and $108,555. According to salary.com
Don’t just take a class. Join a program.
The MasterClass package includes:
About MasterClass
The Most Robust
MasterClass Incident Handler/Response Master Program includes three (3) courses and three (3) certifications:
- Students will attend the live EC-Council Certified Incident Handler (ECIH) Course which will teach students best practices to detect, validate, contain, and eradicate security incidents to help improve organizational security posture.
- Students will then be given the self-paced online Certified SOC Analyst (CSA) course which will cover the role of a SOC Manager and SOC analyst Level 1. This course is a great resource for anyone working in a SOC environment that needs to understand the workings of a Security Operations Center, how to Triage incidents, classify them and coordinate Incident handling and response efforts.
- Lastly this program includes the self-paced Certified Threat Intelligence (CTIA) course to provide you the knowledge to prepare and run a threat intelligence program that allows evidence-based knowledge and provides actionable advice about existing and unknown threats.
Practical Knowledge
In addition to the two multiple choice certification exams, students will also be given comprehensive training on the IH&R concepts as well as real-world scenarios. This program includes hands-on learning delivered through iLabs, online labs.
The Most Labs
- ECIHv2
- 48 Exercises
- Approximately 10 Hours
- CSA
- 22 Exercises
- Approximately 11 Hours
- CTIA
- 20 Exercises
- Approximately 8 Hours
Exam Insurance Program
Here at Masterclass we know that test taking can be very stressful, so we have developed a program to put your mind at ease.
While no one can guarantee that you will pass the exam, we can offer you Exam Insurance: If you fail either certification exam included in this program on the first attempt, EC-Council will pay for the next attempt. Any further attempts can be purchased at the reduced “retake” rate.
Who Should Attend?
- Penetration Testers
- Vulnerability Assessment Auditors
- Risk Assessment Administrators
- Network Administrators
- Application Security Engineers
- Cyber Forensic Investigators/ Analyst and SOC Analyst
- System Administrators/Engineers
- Firewall Administrators and Network Managers/IT Managers
|
Live Course Dates in North America |
|
Live Course Dates outside of North America |
Save big. Join the club.
As an iClass Club member, you receive unlimited access to EC-Council’s library of video courses. Upgrade to live classes for only $499 each during the subscription year.
You can even finance your Club membership through our partnership with Affirm. In the cart, you’ll be able to split your purchase into easy monthly payments. Term lengths range from 3 to 36 months depending on eligibility and purchase amount, with rates starting as low as 0% APR.
*Your rate will be 0% APR or 10–30% APR based on credit and is subject to an eligibility check. 0% APR is subject to change. Payment options through Affirm are provided by these lending partners: affirm.com/lenders. Options depend on your purchase amount, and a down payment may be required. US Residents Only.
Certification Club Benefits:
Don’t limit yourself to one class per year, join the iClass Club and get your cybersecurity training directly from the source! No one course can make you an expert, so take advantage of EC-Council Master trainers in each subject area and become a well-rounded cybersecurity professional.
For approximately the cost of one live course, the iClass Club will stretch your budget from one course to many. With savings like that, you can afford to build a strong foundation of cybersecurity knowledge in ethical hacking, pen testing, network defense, incident response, computer forensics, and so much more!
|
Get Started |
|
One Year Subscription $2,999 |
|
Access to EC-Council’s full library of on-demand courses |
|
Official e-courseware |
|
iLabs* |
|
Certification exam* |
|
Move to “enhance” to upgrade your experience. |
|
Enhance |
|
During your subscription, you can upgrade to a live course for $499! |
|
Official Printed Courseware |
|
iLabs* |
|
Certification exam* |
|
Lastly, receive ongoing professional development by moving to the Continuing Education phase! |
|
Continuing Education |
|
One year of CodeRed Included |
|
Continue to learn and gather continuing education credits with CODERED! |
|
Premium Content: 4000+ Premium Videos |
|
Fresh Content: New courses and content are added weekly to keep up with the latest skills and technologies. |
|
CodeRed course videos come with lab demos to reinforce course learning concepts and create a constant career learning companion. |
|
Club Subscription in North America |
|
Club Subscription outside of North America |
Certification Club Terms:
*Not all courses and workshops have associated Labs and exams. Club members must complete 100% of a course before requesting their next course and to be eligible for that course’s exam voucher. CCISO students must meet the eligibility requirements to challenge the CCISO exam. Students who do not meet the CCISO qualifications must take the EISM exam. CodeRed subscription 12 months. Club membership applicable to EC-Council classes only and does not apply to third party or Hacker Halted classes. Devices such as drones or STORMs must be purchased separately at regular price. Drones and STORMs only ship to the US. Students outside of the US can attend drone workshops but must obtain a drone on their own. If a course version changes while your program is still active, you will be given updated material. If a course version changes after your Club is expired, you will need to purchase an extension to get the new version. Club valid for one year and term begins 24 hours after payment is received. After a period of one (1) year the program expires, and all courses are turned off. Lab access term is for 6 months from when a course is assigned. Additional lab time can be added for no extra charge upon request. Labs will not be extended beyond the Club term. Speak to your rep to extend your Club term for 1 year. Renewal price for the Club is $999. Discount not stackable. The Club is a single user license meaning that the courses cannot be shared, and the club is non-transferable.
If you are outside of North America and are interested in the club subscription, please click here.
If you are outside of North America and are interested in the club subscription, please click here.
If you are outside of North America and are interested in the club subscription, please click here.
Have questions?
