The C)IHE - Certified Incident Handling Engineer course is designed to help Incident Handlers, System Administrators, and Security Engineers understand how to plan, create, and utilize their systems to prevent, detect, and respond to attacks through the use of Mile2’s live hands-on Cyber Range.
Mile2 C)IHE strictly follows NIST’s 800-61 to identify the four phases of incident response:
With C)IHE’s in-depth certification training, the student will learn to develop start-to-finish processes for establishing an incident-handling team, strategizing for potential attack types, recovering from attacks, and much more.
Key takeaways
Upon completion, you will know the four incident handling phases of NIST’s 800-61 and be able to accurately report on your findings.
By completing this course you will earn 40 CEUs.
Prerequisites
Suggested Prerequisites:
Target audience
Modules:
Labs:
Detailed Outline
Module 00: Course Introduction
Module 01: Incident Handling Explained
Section 1: Introduction
Section 2: What is an Incident?
Section 3: What is Incident Handling?
Section 4: Difference Between IH and IR
Section 5: The Incident Response Process
Section 6: Seven Reasons You Must Put Together an Incident Response Plan
Section 7: How to Build an Effective Incident Response Team
Section 8: Considerations for Creating an Incident Response Team
Section 9: Tips for Incident Response Team Members
Module 02: Incident Response Policy, Plan and Procedure Creation
Section 1: Introduction
Section 2: Incident Response Policy
Section 3: Incident Response Plan
Section 4: Incident Response Procedures
Section 5: Sharing Information with Outside Parties
Module 03: Incident Response Team Structure
Section 1: Introduction
Section 2: Team Models
Section 3: Team Model Selection
Section 4: Incident Response Personnel
Section 5: Dependencies within Organizations
Module 04: Incident Response Team Services
Section 1: Introduction
Section 2: Intrusion Detection
Section 3: Advisory Distribution
Section 4: Education and Awareness
Section 5: Information Sharing
Module 05: Incident Response Recommendations
Section 1: Introduction
Section 2: Establish a formal Incident Response Capability
Section 3: Establish Information Sharing Capabilities
Section 4: Building an Incident Response Team
Chapter 06: Preparation
Section 1: Introduction
Section 2: Threat Hunting
Section 3: Threat Analysis Frameworks
Section 4: Tools and Toolkits
Section 5: Policy
Section 6: Procedures
Section 7: Preventing Incidents
Module 07: Detection and Analysis
Section 1: Attack Vectors
Section 2: Signs of an Incident
Section 3: Sources of Precursors and Indicators
Section 4: Incident Analysis
Section 5: Incident Documentation
Section 6: Incident Prioritization
Section 7: Incident Notification
Module 08: Containment, Eradication and Recovery
Section 1: Selecting the Right Containment Strategy
Section 2: Gathering and Handling Evidence
Section 3: Identifying the Attacking Hosts
Section 4: Eradication and Recovery
Module 09: Post Incident Activity
Section 1: Introduction
Section 2: Lessons Learned
Section 3: Using Collected Incident Data
Section 4: Evidence Retention
Module 10: Incident Handling Checklist
Section 1: Introduction
Section 2: Building Checklists
Module 11: Incident Handling Recommendations
Section 1: Introduction
Section 2: Recommendations
Section 3: Implement Threat Intel
Module 12: Coordination and Information Sharing
Section 1: Introduction
Section 2: Coordination
Section 3: Purple Teaming
Section 4: Information Sharing Techniques
Section 5: Granular Information Sharing
Section 6: Sharing Recommendations
Objective:
Upon completion, Certified Incident Handling Engineer students will be ready to sit for the C)IHE exam.
The exam is taken online through Mile2’s Learning Management System and is accessible from your Mile2.com account. The exam takes approximately 2 hours and consists of 100 multiple-choice questions.
A minimum grade of 70% is required for certification.
Your exam is included in the course fee!
All Mile2 certifications will be awarded a 3-year expiration date.
There are two requirements to maintain Mile2 certification:
For incident handlers, system and security administrators, security engineers, Active Directory and Microsoft administrators, and penetration testers, as well as anyone who wants to learn to prepare for, detect, handle and learn from security incidents in line with NIST SP 800-61.
Recommended: approx. 12 months of experience with networking technologies, a good understanding of TCP/IP, and Linux knowledge.
A complete IR methodology based on NIST 800-61: preparation, detection and analysis, containment/eradication/recovery, and post-incident activity. You build processes, roles and checklists, learn coordination and information sharing, and practise tools/techniques for analysis, documentation and reporting, leaving you ready for the C)IHE exam.
Delivered as a classroom course, live virtual, or in-house/customized. Duration: 5 days, and the completed course gives 40 CEUs. The instruction covers policy/plan/procedures, team structure, recommended measures and practical exercises.
Yes: extensive labs on Mile2’s live Cyber Range, including SIEM analysis, Velociraptor for evidence collection, RT (Request Tracker) workflow, plan testing/feedback loop, checklists, recommendations and sharing agreements/reporting requirements. You leave the course with concrete artifacts and procedures ready for production.
The course fee is 35,000 NOK, and the exam is included in the price.
You get access to Mile2’s digital learning system, official course material, videos and exercises.
Yes, the course includes the Certified Incident Handling Engineer certification exam.
The exam lasts approx. 2 hours and consists of 100 multiple-choice questions.
The exam is taken online via Mile2’s learning platform.
The certification is valid for 3 years. To keep it, you must:
Yes, the course is offered both as an in-person classroom course and as a live virtual course.
Yes, the course can be offered in-house and tailored to the organization’s needs.
Yes, we offer in-house courses both in person and virtually.