EC-Council Certified Incident Handler v2

This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe.
It is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post-breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.
Following a rigorous development which included a careful Job Task Analysis (JTA) related to incident handling and incident first responder jobs, EC-Council developed a highly interactive, comprehensive, standards-based, intensive 3-day training program and certification that provides a structured approach to learning real-world incident handling and response requirements.

Prepare to Handle and Respond to Security Incidents

E|CIH is a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.

Course Duration:
Total Training 3 Days or 24 hours total class time.

The E|CIH exam can be attempted after the completion of the official E|CIH course taught either by any EC-Council Authorized Training Center (ATCs) or by EC-Council directly. Candidates that successfully pass the exam will receive the E|CIH certificate and membership privileges. Members are required to adhere to the policies of EC-Council’s Continuing Education Policy.

  • E|CIH allows cybersecurity professionals to demonstrate their mastery of the knowledge and skills required for Incident Handling

    Exam Title: EC-Council Certified Incident Handler
    Exam Code: 212-89
    Number of Questions: 100
    Duration: 3 hours
    Availability: EC-Council Exam Portal
    Test Format: Multiple Choice
    Passing score: 70%

    Eligibility Criteria

    To be eligible to sit the E|CIH Exam, the candidate must either:

    Attend official E|CIH training through any of EC-Council’s Authorized Training Centers (ATCs) or attend EC-Council’s live online training via iWeek or join our self-study program through iLearn (see


    Candidates with a minimum of 1 year of work experience in the domain that would like to apply to take the exam directly without attending training are required to pay the USD100 Eligibility Application Fee. This fee is included in your training fee should you choose to attend training.

  • Module 01: Introduction to Incident Handling and Response

  • Module 02: Incident Handling and Response Process

  • Module 03: Forensic Readiness and First Response

  • Module 04: Handling and Responding to Malware Incidents

  • Module 05: Handling and Responding to Email Security Incidents

  • Module 06: Handling and Responding to Network Security Incidents

  • Module 07: Handling and Responding to Web Application Security Incidents

  • Module 08: Handling and Responding to Cloud Security Incidents

  • Module 09: Handling and Responding to Insider Threats

The incident handling skills taught in E|CIH are complementary to the job roles below as well as many other cybersecurity jobs:

  • Penetration Testers

  • Vulnerability Assessment Auditors

  • Risk Assessment Administrators

  • Network Administrators

  • Application Security Engineers

  • Cyber Forensic Investigators/ Analyst and SOC Analyst

  • System Administrators/Engineers

  • Firewall Administrators and Network Managers/IT Managers

E|CIH is a specialist-level program that caters to mid-level to high-level cybersecurity professionals. In order to increase your chances of success, it is recommended that you have at least 1 year of experience in the cybersecurity domain.

E|CIH members are ambitious security professionals who work in Fortune 500 organizations globally.

iLearn (Self-Study)
This solution is an asynchronous, self-study environment which delivers EC-Council’s sought after IT Security training courses in a streaming video format.

iWeek (Live Online)
This solution is a live, online, instructor-led training course which means you can attend a course with a live instructor from anywhere with an internet connection.

Master Class
This solution offers you the opportunity to learn from world-class instructors and the opportunity to collaborate with top Infosecurity professionals.

Training Partner (In Person)
This solution offers “in-person” training so that you can get the benefit of collaborating with your peers and gaining real-world skills, conveniently located in your backyard.