The EC-Council Certified Incident Handler (ECIH) exam is a three-hour exam with 100 multiple-choice questions. It covers various cybersecurity and IH&R standards, laws, and policies, enabling incident-handling professionals to align their processes with industry standards.
ECIH maps 100 percent to the NICE framework under the category "Protect and Defend (PR): and the specialty "Incident Response (CIR)". ECIH maps 100 percent to the CREST Certified Incident Manager (CCIM) framework. It is focused on maintaining an appropriate incident response standard that determines the investigation path based on considerable real-world incident handling experience and the pertinent information available. ECIH maps to CREST Certified level examinations are designed to set the benchmark for senior incident handlers. By gaining the ECIH certification, individuals are globally recognized as certified incident handlers.
This exam measures skills in incident response and handling, process handling, forensics readiness, first response, email security incidents, application-level incidents, network and mobile incidents, insider threats, malware incidents, and incidents in a cloud environment.