+31 (0) 299 462 825

Certified Incident Handler

E|CIH is a method-driven 3-day program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response.


This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe.

It is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.

Following a rigorous development which included a careful Job Task Analysis (JTA) related to incident handling and incident first responder jobs, EC-Council developed a highly interactive, comprehensive, standards-based, intensive 3-day training program and certification that provides a structured approach to learning real-world incident handling and response requirements.


Professionals interested in pursuing incident handling and response as a career require comprehensive training that not only imparts concepts but also allows them to experience real-scenarios.

The E|CIH program includes hands-on learning delivered through labs within the training program. True employability after earning a certification can only be achieved when the core of the curricula maps to and is compliant with government and industry-published incident and response frameworks.

E|CIH is a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.


This course will significantly benefit incident handlers, risk assessment administrators, penetration testers, cyber forensic investigators, venerability assessment auditors, system administrators, system engineers, firewall administrators, network managers, IT managers, IT professionals and anyone who is interested in incident handling and response


The E|CIH 212-89 exam can be conducted on the last day of training. Students must pass the exam on the ECC exam platform to receive the ECIH certification.
Exam title: EC-Council Certified Incident Handler
Exam code: ECIH 212-89
Number of questions: 100 MCQ
Duration: 3 hours
Delivery: ECC exam

01: Introduction to Incident Handling and Response
02: Incident Handling and Response Process
03: Forensic Readiness and First Response
04: Handling and Responding to Malware Incidents
05: Handling and Responding to Email Security Incidents
06: Handling and Responding to Network Security Incidents
07: Handling and Responding to Web Application Security Incidents
08: Handling and Responding to Cloud Security Incidents
Module 09: Handling and Responding to Insider Threats


This course is also available as a self-study package in iClass. Ask your learning provider or contact us.