EC-Council Certified Incident Handler (ECIH)

EC-Council Certified Incident Handler (ECIH)

Description of Course

The program is developed and designed with the cybersecurity, response practitioners and incident handling, collaboration. It is the latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program for candidates around the world.

Imparting knowledge and the requisite skills, it is one among the specialist-leveled program which is comprehensive. The program provides the skills which an organization will need for effective handling of the post-breach consequences. It helps reduce the incident impact over the situation which includes both the perspective of reputational and financial.
The program is developed by the EC-council by better follow up of the development which was rigorous and included a Job Task Analysis (JTA) which is careful and can handle the incident better by being the Incident first responder jobs. The program of EC-Council Certified Incident Handler v2 is highly interactive, intensive 3-day training with standards and certification which helps provide the candidates with a structured approach towards the learning which is made in the incidents of the real world and requires proper handling and response-driven ways to handle the requirements.
If a professional finds himself interested and persuasive in the field of incident handling and better response giving, as a career in it, they need training which is way more comprehensive. One which not just does impart the concepts but also makes them aware of the real-life scenarios and their experiences.
The learning is delivered hands-on by using the labs which exist in the E|CIH program. One can have a true employment assurance when after the certification is achieved and for such an achievement there will be required government compliant and a better framework for the incident and response which are industry-published. This certification also needs one to reach the core of the curricula maps which would then require the above-mentioned certification and the frameworks.
The program of E|CIH uses a better and holistic approach. It is method driven and helps in covering the concepts at vast in the concerned incident handling and response for the organization. This response will require a better prepared and planned incident handling response process to recovery which will be able to cover the assets of the organization after the incident of security alertness. All these concepts are very incidental and essential to handle out and to respond to the incidents of the security for better protection of the organization from any kind of attack or associated threats that they might face in the mere future.

Request for Course Details

Course Duration:
Total Training 3 Days  / 24 hours total class time

The E|CIH exam can be attempted after the completion of the official E|CIH course taught either by any EC-Council Authorized Training Center (ATCs) or by EC-Council directly. Candidates that successfully pass the exam will receive the E|CIH certificate and membership privileges. Members are required to adhere to the policies of EC-Council’s Continuing Education Policy.

ECIH allows cybersecurity professionals to demonstrate their mastery of the knowledge and skills required for Incident Handling

Exam TitleEC-Council Certified Incident Handler
Exam Code212-89
Number of Questions100
Duration3 hours
AvailabilityEC-Council Exam Portal
Test FormatMultiple Choice
Passing Score70%

Eligibility Criteria

To be eligible to sit the E|CIH Exam, the candidate must either:

Attend official E|CIH training through any of EC-Council’s Authorized Training Centers (ATCs) or attend EC-Council’s live online training via iWeek or join our self-study program through iLearn (see


Candidates with a minimum of 1 year of work experience in the domain that would like to apply to take the exam directly without attending training are required to pay the USD100 Eligibility Application Fee. This fee is included in your training fee should you choose to attend training.

  • Module 01: Introduction to Incident Handling and Response
  • Module 02: Incident Handling and Response Process
  • Module 03: Forensic Readiness and First Response
  • Module 04: Handling and Responding to Malware Incidents
  • Module 05: Handling and Responding to Email Security Incidents
  • Module 06: Handling and Responding to Network Security Incidents
  • Module 07: Handling and Responding to Web Application Security Incidents
  • Module 08: Handling and Responding to Cloud Security Incidents
  • Module 09: Handling and Responding to Insider Threats

The incident handling skills taught in E|CIH are complementary to the job roles below as well as many other cybersecurity jobs:

  • Penetration Testers
  • Vulnerability Assessment Auditors
  • Risk Assessment Administrators
  • Network Administrators
  • Application Security Engineers
  • Cyber Forensic Investigators/ Analyst and SOC Analyst
  • System Administrators/Engineers
  • Firewall Administrators and Network Managers/IT Managers

E|CIH is a specialist-level program that caters to mid-level to high-level cybersecurity professionals. In order to increase your chances of success, it is recommended that you have at least 1 year of experience in the cybersecurity domain.

E|CIH members are ambitious security professionals who work in Fortune 500 organizations globally.

Instructor-led training (ILT)
It is a classroom training with Instructor.