C)IHE - Certified Incident Handling Engineer

Duration: 5 days
Format: Instructor-led, Live Virtual Training
Prerequisites: A minimum of 12 months' experience in networking technologies; sound knowledge of TCP/IP; knowledge of Microsoft packages; basic knowledge of Linux is essential
Student Materials: Student Workbook, Student Lab Guide, Student Exam Prep Guide
CPEs: 40 Hours
Certification Exams: CIHE - Certified Incident Handling Engineer; covers GCIH - GIAC Certified Incident Handler

The Certified Incident Handling Engineer vendor-neutral certification is designed to help incident handlers, system administrators, and general security engineers understand how to plan, create and utilize their systems in order to prevent, detect and respond to attacks.

In this in-depth training, students will learn step-by-step approaches used by hackers globally, the latest attack vectors and how to safeguard against them, Incident Handling procedures (including developing the process from start to finish and establishing your Incident Handling team), strategies for each type of attack, recovering from attacks and much more.

Furthermore, students will enjoy numerous hands-on laboratory exercises that focus on topics such as reconnaissance, vulnerability assessments using Nessus, network sniffing, web application manipulation, malware, and using Netcat, plus several additional scenarios for both Windows and Linux systems.

Benefits of C)IHE Course

Graduates of the mile2 Certified Incident Handling Engineer training obtain real-world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against threats. This course covers the same objectives as the SANS® Security 504 training and prepares students for the GCIH® and CIHE certifications.

Introduction

Courseware Materials
Who is this class for?
What is the purpose of this course?
What information will be covered?
The Exam

Module I – Incident Handling Explained

Security Events
Logs
Alerts
What is an Incident?
Security Incident
Indication of Compromise
What is Incident Handling?
Difference between IH and IR
Common Tools
IPS vs WAF
SOC
Six Step Approach to Incident Handling

Module II – Threats, Vulnerabilities and Exploits

Overview
Vulnerabilities
Exploits
Threat
Incident Classification

Module III – Preparation

Overview
Policies & Procedures
The Team
Identify Incident Handling Team
Roles of the Incident Handling Team
IH Team Makeup
Team Organization
Incident Communication
Incident Reporting
Incident Response Training and Awareness
Underlying Technologies
Anti-virus
SIEM
User Identity
Ticketing Systems
Digital Forensics
eDiscovery
Data Backup and Recovery
Underlying Technologies
Technical Baselines
System Hardening
Summary

Module IV – First Response

Overview
Responder Toolkit
Responder’s System
What to look for
Attention
Volatility
First things first
Review
Goal
Challenges
Categorize Incidents
Incident Signs
Basic Steps
Receive
Examples of Electronic Signs
Examples of Human Signs
Analyze
Analysis
Incident Documentation
Incident Prioritization
Incident Notification

Module V – Containment

Overview
Containment
Goals
Delaying Containment
Choosing a Containment Strategy
On-site Response
Secure the Area
Conduct Research
Procedures for Containment
Make Recommendations
Establish Intervals
Capture Digital Evidence
Change Passwords

Module VI – Eradication

Overview
Eradication
Goals
Procedures for Eradication
Determine Cause
Procedures for Eradication

Module VII – Recovery

Overview
Recovery
Goals
Procedure for Recovery

Module VIII – Follow-Up

Overview
Follow-up
Goals
Procedures of Follow-up

Upon completion of the Certified Incident Handling Engineer course, students will be able to confidently undertake the CIHE certification examination (recommended). Students will enjoy an in-depth course that is continuously updated to keep pace with the ever-changing security world. This course offers up-to-date proprietary laboratories that have been researched and developed by leading security professionals from around the world.

The Certified Incident Handling Engineer exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible from your mile2.com account. The exam takes 2 hours and consists of 100 multiple-choice questions. The exam costs $400 USD and must be purchased from Mile2.com.