Get EC-Council Certified Incident Handler (ECIH) v2 certified in just three days and get the skills you need to be an expert in incident management, handling and response.
100% compliant with the NICE 2.0 & CREST Frameworks, the ECIH certification is internationally recognised - giving you valuable credibility in incident management. You’ll learn how to identify, control and recover from cyber security attacks on this hands-on accelerated course.
Get 50% more training time than traditional 9-5pm courses. Using Firebrand's unique Lecture | Lab | Review technique, you'll spend more time practicing techniques to detect and respond to current cyber security threats.
On this accelerated ECIH certification course you’ll learn:
- Structured incident handling and first response plans and procedures
- Forensic readiness, evidence gathering and analysis
- Incident validation, escalation procedures and writing incident reports
- Incident containment and systems recovery
You’ll sit your ECIH exam during the course, just steps away from the classroom. As an official EC-Council partner, you’ll learn from an EC-Council ECIH certified instructor and benefit from official EC-Council courseware and labs.
This accelerated ECIH course is perfect if you’re an incident handler, risk assessment administrator, pen tester, cyber forensic investigator, vunerability assessment auditor, system administrator, system engineer, firewall administrator or network manager.
ECIH v2 was created using job task analysis related to incident handling and incident first responder roles and meets industry-wide incident handling standards.
9x Accredited Training Centre of the Year
Firebrand Training has again won the EC-Council Accredited Training Centre of the Year Award, from a Training Partner network that has more than 700 training centres across 107 countries. This extends a record-breaking run of successive awards to nine years.
Jay Bavisi, President of EC-Council said: “The annual EC-Council Awards highlights the commitment and achievements of our global partners and trainers that have contributed to the information security community.”
See prices now to find out how much you could save when you train at twice the speed.
Seven reasons why you should sit your ECIH course with Firebrand Training
- You'll be ECIH certified in just 3 days. With us, you’ll be ECIH trained in record time
- Our ECIH course is all-inclusive. A one-off fee covers all course materials, exams, accommodation and meals. No hidden extras
- Pass ECIH first time or train again for free. This is our guarantee. We’re confident you’ll pass your course first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
- You’ll learn more ECIH. A day with a traditional training provider generally runs from 9am – 5pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day quality learning time, with your instructor
- You’ll learn ECIH faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
- You’ll be studying ECIH with the best. We’ve been named in Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified 74,729 professionals, and we’re partners with all of the big names in the business
- You'll do more than study ECIH courseware. We use practical exercises to make sure you can apply your new knowledge to the work environment. Our instructors use demonstrations and real-world experience to keep the day interesting and engaging
Think you are ready for the course? Take a FREE practice test to assess your knowledge!
Other accelerated training providers rely heavily on lecture and independent self-testing and study.
Effective technical instruction must be highly varied and interactive to keep attention levels high, promote camaraderie and teamwork between the students and instructor, and solidify knowledge through hands-on learning.
Firebrand Training provides instruction to meet every learning need:
- Intensive group instruction
- One-on-one instruction attention
- Hands-on labs
- Lab partner and group exercises
- Question and answer drills
- Independent study
This information has been provided as a helpful tool for candidates considering training. Courses that include certification come with a certification guarantee. Pass first time or train again for free (just pay for accommodation and exams on your return). We do not make any guarantees about personal successes or benefits of obtaining certification. Benefits of certification determined through studies do not guarantee any particular personal successes.
Module 01: Introduction to Incident Handling and Response
- Overview of Information Security Concepts
- Understanding Information Security Threats and Attack Vectors
- Understanding Information Security Incident
- Overview of Incident Management
- Overview of Vulnerability Management
- Overview of Threat Assessment
- Understanding Risk Management
- Understanding Incident Response Automation and Orchestration
- Incident Handling and Response Best Practices
- Overview of Standards
- Overview of Cyber security Frameworks
- Importance of Laws in Incident Handling
- Incident Handling and Legal Compliance
Module 02: Incident Handling and Response Process
- Overview of Incident Handling and Response (IH&R) Process
- Step 1: Preparation for Incident Handling and Response
- Step 2: Incident Recording and Assignment
- Step 3: Incident Triage
- Step 4: Notification
- Step 5: Containment
- Step 6: Evidence Gathering and Forensics Analysis
- Step 7: Eradication
- Step 8: Recovery
- Step 9: Post-Incident Activities
Module 03: Forensic Readiness and First Response
- Introduction to Computer Forensics
- Overview of Forensic Readiness
- Overview of First Response
- Overview of Digital Evidence
- Understanding the Principles of Digital Evidence Collection
- Collecting the Evidence
- Securing the Evidence
- Overview of Data Acquisition
- Understanding the Volatile Evidence Collection
- Understanding the Static Evidence Collection
- Performing Evidence Analysis
- Overview of Anti-Forensics
Module 04: Handling and Responding to Malware Incidents
- Overview of Malware Incident Response
- Preparation for Handling Malware Incidents
- Detecting Malware Incidents
- Containment of Malware Incidents
- Eradication of Malware Incidents
- Recovery after Malware Incidents
- Guidelines for Preventing Malware Incidents
Module 05: Handling and Responding to Email Security Incidents
- Overview of Email Security Incidents
- Introduction to Email Security Incidents
- Types of Email Security Incidents
- Preparation for Handling Email Security Incidents
- Detection and Containment of Email Security Incidents
- Eradication of Email Security Incidents
- Recovery after Email Security Incidents
Module 06: Handling and Responding to Network Security Incidents
- Overview of Network Security Incidents
- Preparation for Handling Network Security Incidents
- Detection and Validation of Network Security Incidents
- Handling Unauthorised Access Incidents
- Handling Inappropriate Usage Incidents
- Handling Denial-of-Service Incidents
- Handling Wireless Network Security Incidents
Module 07: Handling and Responding to Web Application Security Incidents
- Overview of Web Application Incident Handling
- Web Application Security Threats and Attacks
- Preparation to Handle Web Application Security Incidents
- Detecting and Analysing Web Application Security Incidents
- Containment of Web Application Security Incidents
- Eradication of Web Application Security Incidents
- Recovery from Web Application Security Incidents
- Best Practices for Securing Web Applications
Module 08: Handling and Responding to Cloud Security Incidents
- Cloud Computing Concepts
- Overview of Handling Cloud Security Incidents
- Cloud Security Threats and Attacks
- Preparation for Handling Cloud Security Incidents
- Detecting and Analysing Cloud Security Incidents
- Containment of Cloud Security Incidents
- Eradication of Cloud Security Incidents
- Recovering from Cloud Security Incidents
- Best Practices Against Cloud-based Incidents
Module 09: Handling and Responding to Insider Threats
- Introduction to Insider Threats
- Preparation for Handling Insider Threats
- Detecting and Analysing Insider Threats
- Containment of Insider Threats
- Eradication of Insider Threats
- Recovery after Insider Attacks
- Best Practices Against Insider Threats
See Exam Track...
You'll sit the following exam on site as part of the course:
- ECIH: exam code 212-89
- Number of Questions: 100
- Passing Score: 70%
- Test Duration: 3 hours
- Test Format: Multiple choice
See What's Included...
On this accelerated, all-inclusive course you'll get:
- EC-Council ECIH Certified Instructor
- Official EC-Council ECIH course materials
- Official ECIH lab access
- Instructor-led ECIH exam preparation
- EC-Council ECIH exam, which you'll take on the final day of the course
When you achieve your ECIH certification, you will be awarded a digital badge. This can be downloaded from EC-Council’s Aspen Portal.
Firebrand Training offers top-quality technical education and certification training in an all-inclusive course package specifically designed for the needs and ease of our students. We attend to every detail so our students can focus solely on their studies and certification goals.
Our Certification Programs includes
- Intensive Hands-on Training Utilising our (Lecture | Lab | Review)TM Delivery
- Comprehensive Study Materials, Program Courseware and Self-Testing Software including MeasureUp *
- Fully instructor-led program with 24 hour lab access
- Examination vouchers **
- Near site testing, Transportation to/from Testing Center are provided ***
- Accommodation, all meals, unlimited beverages, snacks and tea / coffee****
- Examination Passing Policy
- * Not on all courses
- ** Examination vouchers are not included for the following courses: PMP, CAPM and CISSP CBK Review
- *** Not included in our PMP, CAPM, CISA, CISM, CGEIT, CRISC, (ISC)2 or ITIL Managers and Revision Certifications
- **** Accommodation not included on the CISSP CBK Review Seminar
Our instructors teach to accommodate every student's learning needs through individualised instruction, hands-on labs, lab partner and group exercises, independent study, self-testing, and question/answer drills.
Firebrand Training has dedicated, well-equipped educational facilities where you will attend instruction and labs and have access to comfortable study and lounging rooms. Our students consistently say our facilities are second-to-none.
Examination Passing Policy
Should a student complete a Firebrand Training Program without having successfully passed all vendor examinations, the student may re-attend that program for a period of one year. Students will only be responsible for accommodations and vendor exam fees.
You should have the following experience before attending this course:
- A minimum of one years experience managing Windows/Unix/Linux systems
- An understanding of common network and security services
Unsure whether you meet the prerequisites?
Don’t worry - we’ll discuss your technical background, experience and qualifications to determine whether this accelerated course suits you.
Just call us on +27 87 550 2195 and speak to one of our enrolment consultants.
Firebrand is an immersive environment and requires commitment. Some prerequisites are simply guidelines; you may find your unique experience, attitude and determination enables you to succeed on your accelerated course.
EC-Council ECIH Course Dates
EC-Council - Certified Incident Handler (ECIH) v2
Here's the Firebrand Training review section. Since 2001 we've trained exactly 74,729 students and asked them all to review our Accelerated Learning. Currently, 96.78% have said Firebrand exceeded their expectations.
Read reviews from recent accelerated courses below or visit Firebrand Stories for written and video interviews from our alumni.
"The staff are knowledgeable and try to make the courses fun. You will come away will tools and knowledge for your day to day business."
G.M.. (19/9/2019 to 21/9/2019)
Alistair Toomey, BBC. (19/9/2019 to 21/9/2019)
"The instructor is always good"
David Wintour, IMI. (19/9/2019 to 21/9/2019)
"Great experience on my second visit. Definitely would recommend this method of training."
Christopher Dyke, Atos. (17/9/2018 to 18/9/2018)
"Good training also for people without much experience."
Anonymous (24/7/2018 to 25/7/2018)
Latest Reviews from our students