The purpose of the EC-Council | Certified Incident Handler (ECIH) v2 credential is to:

It is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.

About the Program

Professionals interested in pursuing incident handling and response as a career require comprehensive training that not only imparts concepts but also allows them to experience real-scenarios. The E|CIH program includes hands-on learning delivered through labs within the training program. True employability after earning a certification can only be achieved when the core of the curricula maps to and is compliant with government and industry-published incident and response frameworks.

E|CIH is a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.

Course Outline

Module 1: Introduction to Incident Handling and Response
Module 2: Incident Handling and Response Process
Module 3: Forensic Readiness and First Response
Module 4: Handling and Responding to Malware Incidents
Module 5: Handling and Responding to Email Security Incidents
Module 6: Handling and Responding to Network Security Incidents
Module 7: Handling and Responding to Web Application Security Incidents
Module 8: Handling and Responding to Cloud Security Incidents
Module 9: Handling and Responding to Insider Threats

Who Is It For?

The EC-Council Certified Incident Handler (ECIH) program is designed for all IT professionals involved with information system security, computer forensics, and incident response.

Target Audience:

E|CIH is a specialist-level program that caters to mid-level to high-level cybersecurity professionals. In order to increase your chances of success, it is recommended that you have at least 1 year of experience in the cybersecurity domain.

  • Penetration Testers
  • Application Security Engineers
  • Vulnerability Assessment Auditors
  • Cyber Forensic Investigators/Analyst and SOC Analyst
  • Risk Assessment Administrators
  • System Administrators/ Engineers
  • Network Administrators
  • Firewall Administrators and Network
  • Managers/IT Managers

Training Duration:

3 Days (9:00 AM – 6:00 PM)

About the Exam:

  • Exam Title: EC-Council Certified Incident Handler
  • Exam Code: 212-89
  • Number of Questions: 100
  • Duration: 3 Hours
  • Availability: ECC Exam Portal
  • Test Format: Interactive Multiple Choice Questions
  • Passing Score: 70%

Passing Score

In order to maintain the high integrity of our certifications exams, EC-Council Exams are provided in multiple forms (I.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigour but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.

Eligibility Criteria:

In order to be eligible to attempt  ECIH, certification examination, candidates may opt to:

Attend Official Training:

Attend official E|CIH training through any of EC-Council’s Authorized Training Centers (ATCs) or attend EC-Council’s live online training via iWeek or join our self-study program through iLearn (see

Attempt Exam without Official Training:

Candidates with a minimum of 1 year of work experience in the domain that would like to apply to take the exam directly without attending training are required to pay the USD100 Eligibility Application Fee. This fee is included in your training fee should you choose to attend training.


There are no reviews yet.

Be the first to review “EC-Council | Certified Incident Handler (ECIH)”

Your email address will not be published. Required fields are marked *