Organizations are under constant attack and with the knowledge and skills found in the E|CIH program, professionals can now not only detect incidents, but also quickly manage and respond holistically to these incidents.

EC-Council Certified Incident Handler (ECIH) is a comprehensive specialist-level program to build the knowledge and skills to effectively handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.

E|CIH is a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.

E|CIH comes integrated with labs so that students can practice the skills they learn. More than 40% of class time is dedicated to practical learning through EC-Council labs. The theory to practice ratio for the E|CIH program is 60:40, providing students with a hands-on experience using the latest incident handling and response tools, techniques, methodologies, and frameworks across different operating platforms that are required by incident handlers to effectively handle and respond to various organizational threats and incidents.

Training includes:

  • Instructor-led, streaming video training modules – 1-year access
  • Official EC-Council e-courseware – 1-year access
  • iLabs, virtual lab platform – 6 months access
  • Certification Exam Voucher
  • Certificate of Attendance

Course outline:

  • Module 01: Introduction to incident handling and response
  • Module 02: Incident handling and response process
  • Module 03: Forensic readiness and first response
  • Module 04: Handling and responding to malware incidents
  • Module 05: Handling and responding to email security incidents
  • Module 06: Handling and responding to network security incidents
  • Module 07: Handling and responding to web application security incidents
  • Module 08: Handling and responding to cloud security incidents
  • Module 09: Handling and responding to insider threats

Who is it for:

The incident handling skills taught in ECIH are complementary to the job roles below as well as many other cybersecurity jobs:

  • Penetration testers
  • Vulnerability assessment auditors
  • Risk assessment administrators
  • Network administrators
  • Application security engineers
  • Cyber forensic investigators/ analyst and SOC analyst
  • System administrators/engineers
  • Firewall administrators and network managers/IT managers.


ECIH is a specialist-level program that caters to mid-level to high-level cybersecurity professionals. To increase your chances of success, it is recommended that you have at least 1 year of experience in the cybersecurity domain.

Duration: 24 hours or 3 full-day sessions

Cost: $1,900 + HST

ORION Flexible Online Training courses are exclusively for ORION constituents. Organizers have the right to restrict access to online resources accordingly.


For more information, please contact ORION’s Community Development team at