- Key issues plaguing the information security world.
- Various types of cybersecurity threats, attack vectors, and threat actors, along with the motives, goals, and objectives behind cybersecurity attacks
- Various attack and defense frameworks (Cyber Kill Chain Methodology, MITRE ATT&CK Framework, etc.)
- Fundamentals of information security concepts (vulnerability assessment, risk management, cyber threat intelligence, threat modeling, and threat hunting)
- Fundamentals of incident management (information security incidents, signs and costs of an incident, incident handling and response, and incident response automation and orchestration)
- Different incident handling and response best practices, standards, cybersecurity frameworks, laws, acts, and regulations
- Various steps involved in planning an incident handling and response program (planning, recording and assignment, triage, notification, containment, evidence gathering and forensic analysis, eradication, recovery, and post-incident activities)
- Importance of first response and first response procedure (evidence collection, documentation, preservation, packaging, and transportation)
- How to handle and respond to different types of cybersecurity incidents in a systematic way (malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, insider threat-related incidents, and endpoint security incidents)
Related Reading
ECIH (EC-Council Certified Incident Handler) Training Locations Across India
Macksofy delivers ECIH (EC-Council Certified Incident Handler) training as live online cohorts nationally and as classroom sessions at our Mumbai (BKC) headquarters. Cohort schedules are also tailored for students in:
- ECIH (EC-Council Certified Incident Handler) in Bangalore
- ECIH (EC-Council Certified Incident Handler) in Chennai
- ECIH (EC-Council Certified Incident Handler) in Delhi NCR
- ECIH (EC-Council Certified Incident Handler) in Hyderabad
- ECIH (EC-Council Certified Incident Handler) in Pune
Browse the full Macksofy course catalog for related certifications.
Related Macksofy Certifications
ECIH covers the incident response process; for the hands-on detection and triage skills incident handlers rely on day-to-day, pair it with SOC-200 (OSDA) defensive security analysis, OffSec's defensive analyst track.
Related reading: ECIH is the incident-response specialisation in the defensive path mapped in our top 10 SOC analyst & blue-team certifications in India 2026, which lists levels, exam format and the roles each certification unlocks.
Curriculum
- 10 Sections
- 79 Lessons
- 30 Days
- Module 01: Introduction to Incident Handling and Response (10 lessons)
  - 1.0 Understand Information Security Threats and Attack Vectors
  - 1.1 Explain Various Attack and Defense Frameworks
  - 1.2 Understand Information Security Concepts
  - 1.3 Understand Information Security Incidents
  - 1.4 Understand the Incident Management Process
  - 1.5 Understand Incident Response Automation and Orchestration
  - 1.6 Describe Various Incident Handling and Response Best Practices
  - 1.7 Explain Various Standards Related to Incident Handling and Response
  - 1.8 Explain Various Cyber Security Frameworks
  - 1.9 Understand Incident Handling Laws and Legal Compliance
- Module 02: Incident Handling and Response Process (11 lessons)
  - 2.0 Understand Incident Handling and Response (IH&R) Process
  - 2.1 Explain Preparation Steps for Incident Handling and Response
  - 2.2 Understand Incident Recording and Assignment
  - 2.3 Understand Incident Triage
  - 2.4 Explain the Process of Notification
  - 2.5 Understand the Process of Containment
  - 2.6 Describe Evidence Gathering and Forensics Analysis
  - 2.7 Explain the Process of Eradication
  - 2.8 Understand the Process of Recovery
  - 2.9 Describe Various Post-Incident Activities
  - 2.10 Explain the Importance of Information Sharing Activities
- Module 03: First Response (4 lessons)
- Module 04: Handling and Responding to Malware Incidents (9 lessons)
  - 4.0 Understand the Handling of Malware Incidents
  - 4.1 Explain Preparation for Handling Malware Incidents
  - 4.2 Understand Detection of Malware Incidents
  - 4.3 Explain Containment of Malware Incidents
  - 4.4 Describe How to Perform Malware Analysis
  - 4.5 Understand Eradication of Malware Incidents
  - 4.6 Explain Recovery after Malware Incidents
  - 4.7 Understand the Handling of Malware Incidents – Case Study
  - 4.8 Describe Best Practices against Malware Incidents
- Module 05: Handling and Responding to Email Security Incidents (8 lessons)
  - 5.0 Understand Email Security Incidents
  - 5.1 Explain Preparation Steps for Handling Email Security Incidents
  - 5.2 Understand Detection and Containment of Email Security Incidents
  - 5.3 Understand Analysis of Email Security Incidents
  - 5.4 Explain Eradication of Email Security Incidents
  - 5.5 Understand the Process of Recovery after Email Security Incidents
  - 5.6 Understand the Handling of Email Security Incidents – Case Study
  - 5.7 Explain Best Practices against Email Security Incidents
- Module 06: Handling and Responding to Network Security Incidents (9 lessons)
  - 6.0 Understand the Handling of Network Security Incidents
  - 6.1 Prepare to Handle Network Security Incidents
  - 6.2 Understand Detection and Validation of Network Security Incidents
  - 6.3 Understand the Handling of Unauthorized Access Incidents
  - 6.4 Understand the Handling of Inappropriate Usage Incidents
  - 6.5 Understand the Handling of Denial-of-Service Incidents
  - 6.6 Understand the Handling of Wireless Network Security Incidents
  - 6.7 Understand the Handling of Network Security Incidents – Case Study
  - 6.8 Describe Best Practices against Network Security Incidents
- Module 07: Handling and Responding to Web Application Security Incidents (8 lessons)
  - 7.0 Understand the Handling of Web Application Incidents
  - 7.1 Explain Preparation for Handling Web Application Security Incidents
  - 7.2 Understand Detection and Containment of Web Application Security Incidents
  - 7.3 Explain Analysis of Web Application Security Incidents
  - 7.4 Understand Eradication of Web Application Security Incidents
  - 7.5 Explain Recovery after Web Application Security Incidents
  - 7.6 Understand the Handling of Web Application Security Incidents – Case Study
  - 7.7 Describe Best Practices for Securing Web Applications
- Module 08: Handling and Responding to Cloud Security Incidents (7 lessons)
  - 8.0 Understand the Handling of Cloud Security Incidents
  - 8.1 Explain Various Steps Involved in Handling Cloud Security Incidents
  - 8.2 Understand How to Handle Azure Security Incidents
  - 8.3 Understand How to Handle AWS Security Incidents
  - 8.4 Understand How to Handle Google Cloud Security Incidents
  - 8.5 Understand the Handling of Cloud Security Incidents – Case Study
  - 8.6 Explain Best Practices against Cloud Security Incidents
- Module 09: Handling and Responding to Insider Threats (8 lessons)
  - 9.0 Understand the Handling of Insider Threats
  - 9.1 Explain Preparation Steps for Handling Insider Threats
  - 9.2 Understand Detection and Containment of Insider Threats
  - 9.3 Explain Analysis of Insider Threats
  - 9.4 Understand Eradication of Insider Threats
  - 9.5 Understand the Process of Recovery after Insider Attacks
  - 9.6 Understand the Handling of Insider Threats – Case Study
  - 9.7 Describe Best Practices against Insider Threats
- Module 10: Handling and Responding to Endpoint Security Incidents (5 lessons)