The EC-Council’s Certified Incident Handler certification is a program that will provide students the skills they will need in order to identify and minimize the damage caused by computer security incidents. This incident response course will cover the basics of computer security incidents, including introducing students to the different kinds of security incidents and the ways these incidents can expose an information system to the risks of unauthorized access or loss of information. Certified students will gain knowledge in assessing risk, computer forensics, and creating computer security incident response teams.
Students will learn about the legal implications they will have to consider when attempting to neutralize the damage that can be caused by network security threats. The course will also cover designing suitable business continuity plans, providing students with the knowledge they will need to help their organizations continue operations in the event of a significant security incident.
Topics & Concepts Covered in E|CIH Training Include:
- Principles and techniques for detecting and responding to current and emerging computer security threats
- How to handle various types of incidents
- Risk assessment methodologies
- Various laws and policies related to incident handling
Recommended Training Audience and Prerequisites
Students who finish the certification will be able to enter the computer security field with the knowledge required to set up appropriate and effective policies to deal with a variety of computer security incidents. System administrators, IT managers and directors, and anyone who works in computer security can benefit from obtaining this certification.
E|CIH Certification Requirements
In order to be certified, students will need to take a two hour exam, ECIH 212-89. During the exam, the students will have to demonstrate their knowledge of several areas related to computer security incident handling, including risk assessment, the steps to identifying security incidents, in particular malicious code incidents and insider threats, and incident reporting and recovery.