EC-Council

ECIH – Certified Incident Handler

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!

Course Overview

This two-day, instructor-led EC-Council Certified Incident Handler (ECIH) course is an intensive training program designed to equip participants with the knowledge and practical skills needed to manage and respond to cybersecurity incidents. It provides a thorough grounding in incident handling and response processes, emphasizing the identification, containment, mitigation, and recovery from security breaches and cyberattacks. ECIH combines theoretical concepts with real-world scenarios so that participants can confidently address incidents in diverse, dynamic environments. At the completion of this course, participants will be able to:

  • Understand the fundamentals of incident handling and response.
  • Identify and classify different types of cybersecurity incidents.
  • Develop the skills to effectively contain and eradicate security incidents.
  • Perform incident recovery and post-incident analysis.
  • Gain insights into the legal and ethical aspects of incident handling.
  • Acquire hands-on experience with incident handling tools and technologies.
  • Improve their incident handling and response capabilities in real-world scenarios.
  • Be prepared to take the EC-Council Certified Incident Handler (ECIH) certification exam.

Schedule

Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 301-258-8200.

Program Level

Advanced

Duration

2 days / 16 hours of training

Course Outline

Overview of Incident Response and Handling

  • Statistics on Cyber Incidents
  • Computer Security (CS)
  • Business Assets – Information
  • Classifying Data
  • Common Terms
  • Information Warfare
  • Key Theories For Information Security
  • Vulnerability, Threat, and Attack
  • CS Incident Types and Examples
  • Incidents and Disaster Recovery Plans
  • Common Signals of an Incident
  • Low-, Middle-, and High-Level Categories of Incidents
  • Prioritization
  • Response and Handling
  • Technologies for Disaster Recovery
  • Virtualization’s Impact
  • Incident Costs
  • Reporting
  • Vulnerability Resources

Risk Assessments

  • Overview of Risk
  • Policies and Assessment
  • Method for Risk Assessment by NIST
  • Assessing Workplace Risk
  • Strategies for Analyzing and Mitigating Risk
  • Cost/Benefit Analysis
  • Method for Control Implementation by NIST
  • Residual Risk
  • Tools for Managing Risk

Steps for Incident Response and Handling

  • Identifying and Handling an Incident
  • Need for and Goals of Incident Response
  • Creating an Effective Plan for Incident Response
  • 17 Steps for Incident Response and Handling
  • Training and Creating Awareness
  • Security Training and Awareness Checklist
  • Managing Incidents
  • Incident Response Team
  • Interrelationship Between Incident Response, Handling, and Management
  • Common Best Practices and Policy
  • Creating a Checklist
  • RTIR – Incident Handling System
  • RPIER – First Responder Framework

CSIRT

  • Computer Security Incident Response Team (CSIRT)
  • Purpose of an IRT
  • Goals, Strategy and Vision of a CSIRT
  • CSIRT – Common Names
  • Mission Statement
  • Constituency and CSIRT’s Place within an Organization
  • Peer Relationship
  • Environment Types for CSIRT
  • Creating a CSIRT
  • Team Roles
  • Services, Policies and Procedures
  • Handling a Case and the Incident Report Form
  • Techniques for Tracking and Reporting
  • CERT
  • CERT-CC
  • CERT(R) Coordination Center: Incident Reporting Form
  • CERT:OCTAVE
  • World CERTs
  • IRTs Around the World

Handling Incidents with Network Security

  • DoS and DDoS Incidents
  • Detecting a DoS Attack
  • Preparing for a DoS Attack and How to Handle It
  • Incidents of Unauthorized Access
  • Incidents of Inappropriate Usage
  • Incidents with Many Components
  • Tools for Monitoring Network Traffic
  • Tools for Auditing the Network
  • Network Protection Tools

Malicious Code Incidents

  • Malware Samples Count
  • Viruses, Worms, Trojans and Spyware
  • Preparing for Incident Handling
  • Incident Prevention
  • Detection of Malware
  • Creating a Strategy for Containment
  • Gathering and Handling Evidence
  • Eradication and Recovery
  • Recommendations
  • Antivirus Systems

Insider Threats

  • Overview and Anatomy of an Insider Attack
  • Risk Matrix
  • Detecting and Responding to Insider Threats
  • Insider’s Incident Response Plan
  • Common Guidelines for Threat Detection and Prevention
  • Tools for Monitoring Employees

Forensic Analysis and Incident Response

  • Computer Forensics
  • Objectives and Role of Forensic Analysis
  • Forensic Readiness And Business Continuity
  • Forensic Types
  • Computer Forensic Investigators and the Investigation Process
  • Overview and Characteristics of Digital Evidence
  • Overview and Challenges of Collecting Evidence
  • Forensic Policy
  • Forensics in the IS Life Cycle
  • Guidelines and Tools for Forensic Analysis

Incident Reporting

  • Overview of Incident Reporting and Why You Should Report Any Incidents
  • Why Many Organizations Don’t Report
  • Creating the Report and Where to Send It
  • Preliminary Reporting Form
  • CERT Incident Reference Numbers
  • Incorporating Contact Information
  • Host Summary and Activity Description
  • Log Extracts
  • Time Zone
  • Incident Categories
  • Organizations to Report Computer Incident
  • Guidelines to Follow
  • Sample Reporting Forms
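
As an added illustration of the "Log Extracts" and "Time Zone" items above (example code written for this page, not part of the ECIH courseware): a log extract that goes into an incident report should carry UTC timestamps, keep each original stamp for traceability, and refuse lines whose time zone cannot be determined rather than guess. The log lines are constructed; the only assumption is that each timestamp is RFC 3339 with an explicit numeric offset.

```python
"""Normalize the timestamps in a log extract to UTC before it goes into an
incident report.

Added example, not ECIH course material.  The log lines below are constructed;
the only assumption is that every line carries an RFC 3339 timestamp with an
explicit numeric offset (a line without one is rejected, not guessed).
"""
import re
from datetime import datetime, timezone

# Constructed sample: three hosts in three time zones logging one intrusion,
# plus one legacy host whose timestamp carries no offset at all.
# Read in wall-clock order the lines look out of sequence; in UTC they are not.
SAMPLE_EXTRACT = """\
2024-03-04T09:15:02-05:00 web01 sshd[4112]: Accepted publickey for deploy from 203.0.113.7 port 51022
2024-03-04T14:13:40+00:00 bastion auditd: USER_LOGIN acct="deploy" addr=203.0.113.7 res=success
2024-03-04T23:17:55+09:00 db01 sudo: deploy : COMMAND=/usr/bin/pg_dump customers
2024-03-04 14:20:00 legacy-app cron: nightly job started
"""

# timestamp, host, rest of line
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")


def normalize_extract(text):
    """Return (events, rejected).

    events:   list of dicts with 'utc' (ISO 8601, Z suffix), 'original',
              'host' and 'message', sorted chronologically by UTC time.
    rejected: raw lines with no parseable timestamp or no explicit offset;
              a report must not silently read those as local time.
    """
    events, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if not m:
            rejected.append(raw)
            continue
        stamp, host, message = m.groups()
        try:
            dt = datetime.fromisoformat(stamp)
        except ValueError:
            rejected.append(raw)
            continue
        if dt.tzinfo is None:
            # Offset missing (or the 'stamp' was only a date): refuse to guess.
            rejected.append(raw)
            continue
        utc = dt.astimezone(timezone.utc)
        events.append({
            "utc": utc.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "original": stamp,
            "host": host,
            "message": message,
        })
    # All 'utc' strings share one format, so lexical order is chronological.
    events.sort(key=lambda e: e["utc"])
    return events, rejected


def render_extract(events):
    """Report-ready lines: UTC first, original stamp kept for traceability."""
    return [f"{e['utc']} ({e['original']}) {e['host']}: {e['message']}"
            for e in events]


if __name__ == "__main__":
    evs, bad = normalize_extract(SAMPLE_EXTRACT)
    print("Log extract (UTC):")
    for line in render_extract(evs):
        print("  " + line)
    print("Rejected (no explicit time zone, verify manually):")
    for line in bad:
        print("  " + line)
```

Run as-is and the three zoned lines, which look out of order in local time, come out in their actual sequence (bastion login, then web01, then db01), while the offset-less legacy-app line is listed as rejected for manual verification instead of being folded into the timeline.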

Incident Recovery

  • Overview of Incident Recovery and Common Principles
  • Steps for Recovery
  • Contingency and Continuity of Operations Planning
  • Business Continuity Planning
  • Incident Recovery Plans and the Planning Process

Security Laws and Policies

  • Introduction to and the Key Pieces of a Security Policy
  • Common Policy Goals and Characteristics
  • Designing and Implementing a Security Policy
  • Acceptable Use Policy (AUP)
  • Access and Asset Control Policies
  • Audit Trail
  • Logging
  • Documenting
  • Collecting and Preserving Evidence
  • Information Security
  • NIACAP Policy
  • Physical Security Guidelines and Policies
  • Personnel Security Guidelines and Policies
  • Law and Incident Handling
  • Laws and Acts
  • IP Laws

Exam Information

Exam Details:

  • Code: 212-89
  • Number of Questions: 50
  • Passing Score: 70%
  • Duration: 2 hours
  • Format: Multiple choice
  • Delivery: Prometric and Pearson VUE


Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org
