Certified Incident Handler (ECIH) v2
Published 5/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 16.34 GB | Duration: 19h 26m
Certificate Exam Preparatory course
What you'll learn
Understanding the fundamentals of incident handling and response, including the incident handling process and procedures.
Developing an incident response plan and establishing communication channels to ensure a prompt and effective response to incidents.
Identifying and classifying incidents, analyzing their impact, and responding appropriately.
Implementing containment strategies to limit the impact of incidents and eradicating the cause of incidents.
Restoring systems and data affected by incidents and conducting post-incident activities, including forensic analysis and lessons learned sessions.
Understanding legal and ethical considerations in incident handling and response.
Applying incident handling and response techniques to various types of incidents, including network security incidents, malicious code incidents, insider attack
Developing incident handling policies and procedures to ensure consistent and effective incident response across the organization.
Requirements
There are no formal prerequisites for the Certified Incident Handler (ECIH) v2 Course. However, it is recommended that participants have some basic knowledge of computer networking, cybersecurity, and incident handling before taking the course.
Participants who have some prior experience in incident handling and response may be able to skip the introductory courses and go directly to the ECIH v2 Course. However, it is important to note that the ECIH v2 Course covers advanced topics in incident handling and response and may be challenging for those who are new to the field.
Description
The Certified Incident Handler (ECIH) v2 Course is designed to provide participants with the knowledge and skills required to handle and respond to various cybersecurity incidents. The course covers the fundamental principles of incident handling and response, including preparation, detection, containment, eradication, and recovery.

The course is intended for security officers, auditors, security professionals, site administrators, and anyone involved in incident handling and response. Participants will learn how to handle various types of incidents, including network security incidents, malicious code incidents, insider attacks, and physical security incidents. Topics include:
Understanding the fundamentals of incident handling and response, including the incident handling process and procedures.
Developing an incident response plan and establishing communication channels to ensure a prompt and effective response to incidents.
Identifying and classifying incidents, analyzing their impact, and responding appropriately.
Implementing containment strategies to limit the impact of incidents and eradicating the cause of incidents.

The ECIH v2 Course is designed for individuals who are looking to develop their skills and knowledge in incident handling and response. It is particularly suitable for those who are responsible for maintaining the security of computer systems and networks, as well as those who are interested in pursuing a career in cybersecurity.

Overall, the ECIH v2 Course aims to provide participants with the knowledge and skills needed to handle and respond to various cybersecurity incidents effectively. Upon completion of the course, participants will have the necessary knowledge to take the ECIH certification exam and earn the Certified Incident Handler credential.
Overview
Section 1: Introduction to Incident Handling and Response
Lecture 1 Overview
Lecture 2 Information Security and Incident Management
Lecture 3 What is Vulnerability Management
Lecture 4 What are Threat Assessments
Lecture 5 Risk Management - Vocabulary
Lecture 6 Risk Management - The Process
Lecture 7 Risk Management - The NIST RMF
Lecture 8 Incident Handling Best Practices, Standards and Frameworks
Lecture 9 Incident Handling and Legal Compliance
Section 2: Incident Handling and Response Process
Lecture 10 Step 1: Prepare for Incident Handling, Response
Lecture 11 Step 2: Incident Recording and Assignment
Lecture 12 Step 3: Incident Triage
Lecture 13 Step 4: Notification
Lecture 14 Step 5: Containment
Lecture 15 Step 6: Evidence Gathering and Forensic Analysis
Lecture 16 Step 7: Eradication
Lecture 17 Step 8: Recovery
Lecture 18 Step 9: Post-Incident Activities
Section 3: Forensic Readiness and First Response
Lecture 19 Forensics and first response
Lecture 20 Principles of Digital Evidence Collection
Lecture 21 Data Acquisition
Lecture 22 Volatile Evidence Collection
Lecture 23 Static Evidence Collection and Anti-Forensics
Section 4: Handling and Responding to Malware Incidents
Lecture 24 Preparation for Handling Malware Incidents
Lecture 25 Detection of Malware Incidents
Lecture 26 Containment of Malware Incidents
Lecture 27 Eradication of Malware Incidents
Lecture 28 Recovery after Malware Incidents
Section 5: Handling and Responding to Email Security Incidents
Lecture 29 Handling Email Security Incidents
Section 6: Handling and Responding to Network Security Incidents
Lecture 30 Preparation for Handling Network Security Incidents
Lecture 31 Detection and Validation of Network Security Incidents
Lecture 32 Handling Unauthorized Access Incidents
Lecture 33 Handling Inappropriate Usage Incidents
Lecture 34 Handling Denial-of-Service Incidents
Lecture 35 Handling Wireless Network Security Incidents
Section 7: Handling and Responding to Web Application Security Incidents
Lecture 36 Preparation to Handle Web App Security Incidents
Lecture 37 Detecting, Analyzing Web App Security Incidents
Lecture 38 Containment of Web Application Security Incidents
Lecture 39 Eradication of Web Application Security Incidents
Lecture 40 Recovery from Web Application Security Incidents
Lecture 41 Web Application Security Threats and Attacks
Section 8: Handling and Responding to Cloud Security Incidents
Lecture 42 Cloud Computing Concepts
Lecture 43 Best Practices Against Cloud Security Incidents
Section 9: Handling and Responding to Insider Threats
Lecture 44 Best Practices Against Insider Threats
Section 10: Hands-On with E|CIH Tools
Lecture 45 Security checks using buck-security on Linux
Lecture 46 Volatile evidence collection - Linux, Windows
Lecture 47 Using OSForensics to find hidden material
Lecture 48 Analyzing non-volatile data using Autopsy
Lecture 49 Malware analysis
Lecture 50 Collecting information by tracing emails
Lecture 51 Using OSSIM
Lecture 52 Using Wireshark and NMAP
Lecture 53 Using Suricata IDS
Lecture 54 What does a SQL Injection Attack look like
Lecture 55 What does a XSS Attack look like
Who this course is for
Security officers: responsible for monitoring and responding to security incidents within an organization.
Site administrators: responsible for managing and securing computer systems and networks.
Auditors: responsible for assessing the security posture of an organization and identifying vulnerabilities.
Security professionals: responsible for designing and implementing security solutions within an organization.
Network administrators: responsible for managing and securing computer networks.
Incident responders: responsible for investigating and responding to security incidents.
Anyone interested in cybersecurity: anyone interested in learning about incident handling and response in the context of cybersecurity.