View the course listing on
NICCS.US-CERT.GOV

Certified Incident Handling Engineer

Phase2 Advantage: Certified Incident Handling Engineer

The Certified Incident Handling Engineer certification course is designed to help Incident Handlers, System Administrators, and Information Security professionals understand how to plan, create, and utilize their Incident Detection and Response systems to quickly and efficiently respond to potential threats.  In the realm of information security incidents, it’s not a matter of “if,” but “when.”  Preparation and preemptive training can make the difference between experiencing a security incident, and being subjected to a disastrous event.

Students will receive in-depth training to learn methodologies and exploits utilized by malicious actors, the latest attack vectors, and industry best practices for developing procedures and teams to safeguard against them. This course also provides numerous hands-on laboratory exercises that focus on topics such as reconnaissance, vulnerability assessments using Nessus, network sniffing, web application manipulation, malware identification and isolation, and scenarios for both Windows and Linux systems.

Course Outline and Learning Objectives

01) Overview: Incident Handling and Incident Response
02) Overview: The Attack Life Cycle
03) Threats, Vulnerabilities, and Exploits
04) Overview: Technology and Cyber Crime Topology
05) Preparation and Development Phase
06) Computer Security Incident Response Teams
07) Initial Response and Investigative Phase
08) Overview: Network Infrastructure Services
09) Investigating Windows Systems
10) Data Analysis Methodologies

11) NTFS and File System Analysis
12) Log Analysis and SIEM Architecture
13) Artifact Identification and Analysis
14) Overview: Data Collection and Forensic Duplication
15) Investigating Application Data
16) Incident and Compromise Containment
17) Malware Triage and Analysis (Static and Dynamic)
18) Incident Eradication Methodologies
19) System and Operational Recovery Strategies
20) Incident Documentation and Remediation Strategies

Course Materials

Hardcopy Training Materials

Digital Training Materials

Course Text / Workbook
Course Lab Manual
Supplemental Handout
Text: Key Security Concepts
Text: Exam Prep Guide
USB Drives, Pens, Pads

Course Text / Workbook
Course Lab Manual
Course Video Series
CEU Completion Certificate
Course Prep Guide
Course Exam Simulator

Certification Exam Included in Course Fee

Additional Information

English

5 Days

Business Continuity Managers
Information Security Trainers
Disaster Recovery Managers
Incident Handling Managers
Physical Security Managers
Corporate Risk Managers
Network Administrators
IT Security Managers

40

$3,500

The Certified Incident Handling Engineer course is a component of the career progression track that supports the following Categories, Specialty Areas and Work Roles as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework:

Exploitation Analyst
(AN-EXP-001)

Cyber Crime Investigator
(IN-INV-001)

Law Enforcement / Counterintelligence Forensics Analyst
(IN-FOR-001)

All Source – Collection Manager
(CO-CLO-001)

Cyber Intel Planner
(CL-OPL-001)

Cyber Defense Forensics Analyst
(IN-FOR-002)

Average Yearly Salary:

Certification Examination

Phase2 Advantage Certification Exam

Upon completion of this course, students will be prepared to sit for the Incident Handling Engineer certification examination.  The proctored examination will be offered at the conclusion of the final training day.

Students will have two hours to complete a computer-based examination consisting of 100 questions. A score of 70% or higher is required to earn the certification.  Upon successful completion of the exam, students will receive a hardcopy of their certification and a proctor validation document from the course instructor.  Students will also receive a 40-hour CPE Certificate regardless of their exam score.

The examination is “closed book.”  However, students will be able to use their notes taken during the presentation of the lecture material.  Proctored examinations and proctor validation documents are only available for courses taken in a physical classroom environment

Contact Us for The Ultimate Training Experience

Contact Us

(912) 244-0394

Contact Us

Info@Phase2Advantage.com

Contact US

Phase2Advantage.com/Contact

previous arrow
next arrow
Slider