Ask us about our Best Price Guarantee. We’ll beat any competitor’s price!

ICLIn-Classroom Learning VLTVirtual Live Training GTRGuaranteed to Run (*Discounted Registrations may not be eligible/are subject to change)
Location Start date End Date Class Times Class Details Action
No class dates currently scheduled. Click here to request a date


About this Cybersecurity Training Course

The Certified Incident Handling Engineer Cybersecurity Training Course is designed to help Incident Handlers, System Administrators, and any General Security Engineers understand how to plan, create and utilize their systems in order to prevent, detect and respond to attacks.

In this in depth training, students will learn step-by-step approaches used by hackers globally, the latest attack vectors and how to safeguard against them, Incident Handling procedures (including developing the process from start to finish and establishing your Incident Handling team), strategies for each type of attack, recovering from attacks and much more.

Furthermore, students will enjoy numerous hands-on laboratory exercises that focus on topics, such as reconnaissance, vulnerability assessments using Nessus, network sniffing, web application manipulation, malware and using Netcat plus several additional scenarios for both Windows and Linux systems.

Graduates of the Certified Incident Handling Engineer training obtain real world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against threats. This Cybersecurity Training Course covers the same objectives as the SANS Security 504 training and prepares students for the GCIH and CIHE certifications. 


  • A minimum of 12 months experience in networking technologies
  • Sound knowledge of TCP/IP
  • Knowledge of Microsoft packages
  • Basic Knowledge of Linux is essential 

Cybersecurity Training Course Objective

Upon completion of the Certified Incident Handling Engineer Cybersecurity Training Course, students will be able to confidently undertake the CIHE certification examination (recommended). Students will enjoy an in-depth Cybersecurity Training Course that is continuously updated to maintain and incorporate the ever changing security world. This Cybersecurity Training Course offers up-to-date proprietary laboratories that have been researched and developed by leading security professionals from around the world.



  • Cybersecurity Training Courseware Materials
  • Who is this class for?
  • What is the purpose of this Cybersecurity Training Course?
  • What information will be covered?
  • The Exam

Module I – Incident Handling Explained

  • Security Events
  • Logs
  • Alerts
  • What is an Incident?
  • Security Incident
  • Indication of Compromise
  • What is Incident Handling?
  • Difference between IH and IR
  • Common Tools
  • IPS vs WAF
  • SOC
  • Six Step Approach to Incident Handling

Module II – Threats, Vulnerabilities and Exploits

  • Overview
  • Vulnerabilities
  • Exploits
  • Threat
  • Incident Classification

Module III Preparation

  • Overview
  • Policies & Procedures
  • The Team
  • Identify Incident Handling Team
  • Roles of the Incident Handling Team
  • IH Team Makeup
  • Team Organization
  • Incident Communication
  • Incident Reporting
  • Incident Response Training and Awareness
  • Underlining Technologies
  • Anti-virus
  • SEIM
  • User Identity
  • Ticketing Systems
  • Digital Forensics
  • eDiscovery
  • Data Backup and Recovery
  • Underlining Technologies
  • Technical Baselines
  • System Hardening
  • Summary
  • Module IV – First Response
  • Overview
  • Responder Toolkit
  • Responders System
  • What to look for
  • Attention
  • Volatility
  • First things first
  • Review
  • Goal
  • Challenges
  • Categorize Incidents
  • Incident Signs
  • Basic Steps
  • Receive
  • Examples of Electronic Signs
  • Examples of Human Signs
  • Analyze
  • Analysis
  • Incident Documentation
  • Incident Prioritization
  • Incident Notification

Module V Containment

  • Overview
  • Containment
  • Goals
  • Delaying Containment
  • Choosing a Containment Strategy
  • On-site Response
  • Secure the Area
  • Conduct Research
  • Procedures for Containment
  • Make Recommendations
  • Establish Intervals
  • Capture Digital Evidence
  • Change Passwords

Module VI Eradication

  • Overview
  • Eradication
  • Goals
  • Procedures for Eradication
  • Determine Cause
  • Procedures for Eradication

Module VII Recovery

  • Overview
  • Recovery
  • Goals
  • Procedure for Recovery

Module VIII – Follow-Up

  • Overview
  • Follow-up
  • Goals
  • Procedures of Follow-up