​​Need help? Call Us: (805) 505-7375


Banner image showing an active server room and ECIH text
Course DescriptionCourse OutlineCourse BenefitsWho should take this course?

Course Description


The EC-Council Certified Incident Handler (ECIH) program focuses on a structured approach for performing the incident handling and response (IH&R) process. The IH&R process includes stages like incident handling and response preparation, incident validation and prioritization, incident escalation and notification, forensic evidence gathering and analysis, incident containment, systems recovery, and incident eradication. This systematic incident handling and response process creates awareness among incident responders in knowing how to respond to various types of security incidents.

Cybersecurity Professionals interested in pursuing incident handling and response as a career require comprehensive training on the IH&R concepts as well as real-world scenarios. The ECIH program includes hands-on learning delivered through iLabs, online labs within the training program.




Course Outline


Module 01: Introduction to Incident Handling and Response

Module 02: Incident Handling and Response Process

Module 03: Forensic Readiness and First Response

Module 04: Handling and Responding to Malware Incidents

Module 05: Handling and Responding to Email Security Incidents

Module 06: Handling and Responding to Network Security Incidents

Module 07: Handling and Responding to Web Application Security Incidents

Module 08: Handling and Responding to Cloud Security Incidents

Module 09: Handling and Responding to Insider Threats

Course Benefits


  • To enable individuals and organizations with the ability to handle and respond to different types of cybersecurity incidents in a systematic way.
  • To ensure that organization can identify, contain, and recover from an attack.
  • To reinstate regular operations of the organization as early as possible and mitigate the negative impact on the business operations.
  • To be able to draft security policies with efficacy and ensure that the quality of services is maintained at the agreed levels.
  • To minimize the loss and after-effects breach of the incident.
  • For individuals: To enhance skills on incident handling and boost their employability.

ECIH is a specialist-level program that caters to mid-level to high-level cybersecurity professionals. In order to increase your chances of success, it is recommended that you have at least 1 year of experience in the cybersecurity domain.

ECIH members are ambitious security professionals who work in Fortune 500 organizations globally.

Who should take this course?


  • Penetration Testers
  • Vulnerability Assessment Auditors
  • Risk Assessment Administrators
  • Network Administrators
  • Application Security Engineers
  • Cyber Forensic Investigators/ Analyst and SOC Analyst
  • System Administrators/Engineers
  • Firewall Administrators and Network Managers/IT Managers


Map waypoint logo

Live Instructor-Led In-Person or Online


Novesh and EC-Council’s instructor-led classes are second to none. Come learn with your peers in a live class, either online or in-person, from an EC-Council master trainer.

Our in-person packages all come with lab access, exam prep, the certification exam, and e-courseware.

Contact us for Course Schedule

Logo showing an instructor explaining information located behind them

On-Demand Self-Pace Training


Novesh and EC-Council’s self-paced training includes on-demand, streaming videos of an EC-Council master trainer leading you through the content.

Follow along in your e-courseware as you are guided with additional content including instructor stories from their years of hands-on experience.

Register for On-Demand Course