EC-Council Certified Incident Handler Exam Information

• Defines computer security incident
• Discusses the importance of data classification
• Discusses information warfare
• Discusses  the key concepts of information security
• Explains various vulnerability, threat, and attacks on information systems
• Discusses types of computer security incidents with example
• Explains different incident categories
• Discusses incident prioritization issues
• Explains incident response, incident handling and computer forensics

• Explains risk policy
• Discusses the risk assessment methodology
• Outlines different steps to assess and mitigate risks at work place
• Describes risk analysis
• Discusses different risk mitigation strategies
• Explains the importance of cost/benefit analysis in risk assessment process
• Discusses various issues involved with control implementation
• Explains the risk mitigation methodology
• Discusses residual risk
• Showcases risk assessment tools

• Explains the need for incident response
• Describes the incident response process
• Explains the incident response components
• Describes incident response methodology
• Explains various incident response and handling stages
• Defines the incident response plan
• Outlines the steps for incident response plan
• Discusses the importance of training and awareness for incident response and handling
• Provides security awareness and training checklists
• Explains incident response policy
• Discusses about incident management and the purpose of incident management
• Explains about incident response team structure, personnel, team dependencies and team services
• Defines the relationship between incident response, incident handling, and incident management
• Discusses about incident response best practices

• Discusses the need of an Incident Response Team (IRT)
• Explains CSIRT goals and strategy
• Explains CSIRT  mission and vision
• Explains CSIRT constituency
• Discusses about the CSIRT place in the organization
• Explains the CSIRT relationship with peers
• Defines the types of CSIRT environments
• Explains the best practices for creating a CSIRT
• Explains the role of CSIRTs
• Defines the roles in an Incident Response Team
• Illustrates different CSIRT services
• Explains about CSIRT policies and procedures
• Explains how CSIRT handles a case

• Defines DoS and DDoS attacks
• Explains incident handling preparation for DoS attacks
• Discusses different types of unauthorized access incident
• Explains various stages involved in incident handling preparation for unauthorized access incident
• Discusses different types of inappropriate usage incidents
• Explains different steps of incident handling preparation for inappropriate usage incidents
• Discusses about the multiple component incidents
• Explains steps involved in incident handling preparation for multiple component incidents
• Showcases network security assessment tools such as Nmap and Wireshark

• Explains about virus, worms, trojans and spywares
• Explains the incident handling preparation for malicious code incidents
• Discusses about the incident prevention, detection and analysis of malicious code incidents
• Explains the containment strategy for the t malicious code incidents
• Explains the method of  evidence gathering and handling the malicious code incidents
• Defines the method of eradication and recovery from the malicious code incidents
• Explains various countermeasures for the malicious code incidents

• Defines insider threats
• Explains the anatomy of an insider attack
• Explains different techniques for the insider threat detection
• Explains the insider threats response
• Describes the insider’s incident response plan
• Provides guidelines for overcoming insider threats
• Demonstrates various employee monitoring tools

• Discusses computer forensics
• Explains the objectives of forensics analysis
• Discusses about the role of forensics analysis in incident response
• Explains the types of computer forensics
• Discusses about computer forensic investigator and other people involved in computer forensics
• Defines the computer forensics process
• Explains about the forensic policies
• Discusses about the forensics in the information system life cycle
• Demonstrates forensic analysis tools such as Helix and Sysinternals tools

• Defines the incident reporting
• Outlines the details to be reported
• Provides report formats
• Discusses the information disclosure issues
• Explains the issues involved in reporting work place incidents
• Discusses about the federal agency incident categories
• Provides the incident reporting guidelines

• Defines the incident recovery
• Explains the principles of incident recovery
• Illustrates different  steps of incident recovery
• Discusses about contingency/continuity of operations planning
• Discusses about business continuity planning and business impact analysis
• Describes the incident recovery plan
• Discusses about the incident recovery planning team
• Defines the incident recovery testing

• Defines the security policy
• Explains the key elements of security policy
• Describes the goals of a security policy
• Explains the purpose of a security policy
• Explains the characteristics of a security policy
• Discusses about the implementation of security policies
• Explains the access control policy and its importance
• Explains the administrative security policy, asset control policy, audit trail policy, logging policy, documentation policy, evidence collection policy, information security policy, National Information Assurance Certification & Accreditation Process (NIACAP) policy, and physical security policy
• Provides the physical security guidelines
• Discusses about the  personnel security policies & guidance
• Explains the role of laws in incident handling
• Discusses about the  legal issues when dealing with an incident
• Discusses about the  law enforcement agencies