This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in
collaboration with cybersecurity and incident handling and response practitioners across the globe.
It is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively
handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational
perspective.

Following a rigorous development, which included a careful Job Task Analysis (JTA) related to incident handling
and incident first responder jobs, EC-Council developed a highly interactive, comprehensive, standards-based,
intensive 3-day training program and certification that provides a structured approach to learning real-world
incident handling and response requirements

• Understand the key issues plaguing the information security world
• Learn to combat different types of cybersecurity threats, attack vectors, threat actors and their motives
• Learn the fundamentals of incident management including the signs and costs of an incident
• Understand the fundamentals of vulnerability management, threat assessment, risk management, and
incident response automation and orchestration
• Master all incident handling and response best practices, standards, cybersecurity frameworks, laws,
acts, and regulations
• Decode the various steps involved in planning an incident handling and response program
• Gain an understanding of the fundamentals of computer forensics and forensic readiness
• Comprehend the importance of the first response procedure including evidence collection, packaging,
transportation, storing, data acquisition, volatile and static evidence collection, and evidence analysis
• Understand anti-forensics techniques used by attackers to find cybersecurity incident cover-ups
• Apply the right techniques to different types of cybersecurity incidents in a systematic manner including
malware incidents, email security incidents, network security incidents, web application security
incidents, cloud security incidents, and insider threat-related incidents

There is no organization that is truly safe from a cyberattack. An Incident Manager with the proper incident
handling skills can help reduce the impact of a breach.
The incident handling skills taught in E|CIH are complementary to the job roles below as well as many
other cybersecurity jobs:

• Penetration Testers
• Vulnerability Assessment Auditors
• Risk Assessment Administrators
• Network Administrators
• Application Security Engineers
• Cyber Forensic Investigators/Analyst and SOC Analyst
• System Administrators/Engineers
• Firewall Administrators and Network Managers/IT Managers

E|CIH is a specialist-level program that caters to mid-level to high-level cybersecurity professionals. In
order to increase your chances of success, it is recommended that you have at least 1 year of experience
in the cybersecurity domain.
E|CIH members are ambitious security professionals who work in Fortune 500 organizations globally.

• Introduction to Incident Handling and Response
• Incident Handling and Response Process
• Forensic Readiness and First Response
• Handling and Responding to Malware Incidents
• Handling and Responding to Email Security Incidents
• Handling and Responding to Network Security Incidents
• Handling and Responding to Web Application Security Incidents
• Handling and Responding to Cloud Security Incidents
• Handling and Responding to Insider Threats

The E|CIH exam can be attempted after the completion of the official E|CIH course taught either by any ECCouncil
Authorized Training Center (ATC) or by EC-Council directly. Candidates that successfully pass the
exam will receive the E|CIH certificate and membership privileges. Members are required to adhere to the
policies of EC-Council’s Continuing Education Policy.

To be eligible to sit the E|CIH Exam, the candidate must either:
Attend official E|CIH training through any of EC-Council’s Authorized Training Centers (ATCs) or attend
EC-Council’s live online training via iWeek or join our self-study program through iLearn (see https://iclass.
eccouncil.org).

Candidates with a minimum of 1 year of work experience in the domain that would like to apply to take the
exam directly without attending training are required to pay the USD100 Eligibility Application Fee. This fee
is included in your training fee should you choose to attend training.