EC-Council Certified Incident Handler (CIH)

The course addresses various underlying principles and techniques for detecting and responding to current and emerging computer security threats. Students will learn how to handle various types of incidents, risk assessment methodologies, and more.


Learning Objectives

After attending the course, students will be able to create incident handling and response policies and deal with various types of computer security incidents. The comprehensive training program will make students proficient in handling and responding to various security incidents such as network security incidents, malicious code incidents, and insider attack threats.


Course Details

Course Outline

1 - Introduction to Incident Response and Handling
  • Cyber Incident Statistics
  • Computer Security Incident
  • Information as Business Asset
  • Data Classification
  • Common Terminologies
  • Information Warfare
  • Key Concepts of Information Security
  • Vulnerability, Threat, and Attack
  • Types of Computer Security Incidents
  • Examples of Computer Security Incidents
  • Verizon Data Breach Investigations Report – 2008
  • Incidents That Required the Execution of Disaster Recovery Plans
  • Signs of an Incident
  • Incident Categories
  • Incident Prioritization
  • Incident Response
  • Incident Handling
  • Use of Disaster Recovery Technologies
  • Impact of Virtualization on Incident Response and Handling
  • Estimating Cost of an Incident
  • Key Findings of Symantec Global Disaster Recovery Survey - 2009
  • Incident Reporting
  • Incident Reporting Organizations
  • Vulnerability Resources

2 - Risk Assessment
  • Risk
  • Risk Policy
  • Risk Assessment
  • NIST’s Risk Assessment Methodology
  • Steps to Assess Risks at the Workplace
  • Risk Analysis
  • Risk Mitigation
  • Cost/Benefit Analysis
  • NIST Approach for Control Implementation
  • Residual Risk
  • Risk Management Tools

3 - Incident Response and Handling Steps
  • How to Identify an Incident
  • Handling Incidents
  • Need for Incident Response
  • Goals of Incident Response
  • Incident Response Plan
  • Incident Response and Handling Steps
  • Training and Awareness
  • Security Awareness and Training Checklist
  • Incident Management
  • Incident Response Team
  • Defining the Relationship between Incident Response, Incident Handling, and Incident Management
  • Incident Response Best Practices
  • Incident Response Policy
  • Incident Response Plan Checklist
  • Incident Handling System: RTIR
  • RPIER 1st Responder Framework

4 - CSIRT
  • What is a CSIRT?
  • What is the Need for an Incident Response Team (IRT)?
  • CSIRT Goals and Strategy
  • CSIRT Vision
  • Common Names of CSIRT
  • CSIRT Mission Statement
  • CSIRT Constituency
  • CSIRT Place in the Organization
  • CSIRT Relationship with Peers
  • Types of CSIRT Environments
  • Best Practices for Creating a CSIRT
  • Role of CSIRTs
  • Roles in an Incident Response Team
  • CSIRT Services
  • CSIRT Policies and Procedures
  • How CSIRT Handles a Case
  • CSIRT Incident Report Form
  • Incident Tracking and Reporting Systems
  • CERT
  • CERT-CC
  • CERT(R) Coordination Center: Incident Reporting Form
  • CERT: OCTAVE
  • World CERTs

5 - Handling Network Security Incidents
  • Denial-of-Service Incidents
  • Distributed Denial-of-Service Attack
  • Detecting DoS Attacks
  • Incident Handling Preparation for DoS
  • Unauthorized Access Incident
  • Inappropriate Usage Incidents
  • Multiple Component Incidents
  • Network Traffic Monitoring Tools
  • Network Auditing Tools
  • Network Protection Tools

6 - Handling Malicious Code Incidents
  • Count of Malware Samples
  • Viruses
  • Worms
  • Trojans and Spyware
  • Incident Handling Preparation
  • Incident Prevention
  • Detection of Malicious Code
  • Containment Strategy
  • Evidence Gathering and Handling
  • Eradication and Recovery
  • Recommendations
  • Antivirus Systems

7 - Handling Insider Threats
  • Insider Threats
  • Anatomy of an Insider Attack
  • Insider Risk Matrix
  • Insider Threats Detection
  • Insider Threats Response
  • Insider’s Incident Response Plan
  • Guidelines for Detecting and Preventing Insider Threats
  • Employee Monitoring Tools

8 - Forensic Analysis and Incident Response
  • Computer Forensics
  • Objectives of Forensics Analysis
  • Role of Forensics Analysis in Incident Response
  • Forensic Readiness
  • Forensic Readiness and Business Continuity
  • Types of Computer Forensics
  • Computer Forensic Investigator
  • People Involved in Computer Forensics
  • Computer Forensics Process
  • Digital Evidence
  • Characteristics of Digital Evidence
  • Collecting Electronic Evidence
  • Challenging Aspects of Digital Evidence
  • Forensic Policy
  • Forensics in the Information System Life Cycle
  • Forensic Analysis Guidelines
  • Forensics Analysis Tools

9 - Incident Reporting
  • Incident Reporting
  • Why Report an Incident
  • Why Organizations Do Not Report Computer Crimes
  • Whom to Report an Incident To
  • How to Report an Incident
  • Details to be Reported
  • Preliminary Information Security Incident Reporting Form
  • CERT Incident Reference Numbers
  • Contact Information
  • Summary of Hosts Involved
  • Description of the Activity
  • Log Extracts Showing the Activity
  • Time Zone
  • Federal Agency Incident Categories
  • Organizations to Report Computer Incidents To
  • Incident Reporting Guidelines
  • Sample Incident Reporting Form
  • Sample Post Incident Report Form

10 - Incident Recovery
  • Incident Recovery
  • Principles of Incident Recovery
  • Incident Recovery Steps
  • Contingency/Continuity of Operations Planning
  • Business Continuity Planning
  • Incident Recovery Plan
  • Incident Recovery Planning Process

11 - Security Policies and Laws
  • Security Policy
  • Key Elements of Security Policy
  • Goals of a Security Policy
  • Characteristics of a Security Policy
  • Design of Security Policy
  • Implementing Security Policies
  • Access Control Policy
  • Importance of Access Control Policies
  • Acceptable Use Policy (AUP)
  • Administrative Security Policy
  • Asset Control Policy
  • Audit Trail Policy
  • Logging Policy
  • Importance of Logging Policies
  • Documentation Policy
  • Evidence Collection Policy
  • Evidence Preservation Policy
  • Information Security Policy
  • National Information Assurance Certification & Accreditation Process (NIACAP) Policy
  • Physical Security Policy
  • Physical Security Guidelines
  • Personnel Security Policies & Guidance
  • Law and Incident Handling
  • Laws and Acts
  • Intellectual Property Laws

Actual course outline may vary depending on offering center. Contact your sales representative for more information.

    Who is it For?

    Target Audience

Course Length: 2 Days (16 Hours)

    There are currently no scheduled dates for this course. Please contact us for more information.
