C)IHE: Incident Handling Engineer

The C)IHE - Certified Incident Handling Engineer course is designed to help Incident Handlers, System Administrators, and Security Engineers understand how to plan, build, and use their systems to prevent, detect, and respond to attacks, practising on Mile2’s live hands-on Cyber Range.

Mile2 C)IHE strictly follows NIST SP 800-61, which identifies the four phases of incident response:

  1. preparation for a cybersecurity incident
  2. detection and analysis of a security incident
  3. containment, eradication, and recovery
  4. post-incident analysis

With C)IHE’s in-depth certification training, the student will learn to develop start-to-finish processes for establishing an incident-handling team, strategizing for potential attack types, recovering from attacks, and much more. 

Key takeaways

Upon completion you will know the four incident handling phases of NIST SP 800-61 and be able to report your findings accurately.

By completing this course you will earn 40 CEUs.

Prerequisites

Suggested Prerequisites: 

  • 12 months of experience with network technologies
  • Sound knowledge of networking and TCP/IP
  • Linux knowledge is essential.

Target audience

  • Penetration Testers
  • Microsoft Administrators
  • Security Administrators
  • Active Directory Administrators
  • Anyone looking to learn more about security.

Modules: 

  • Module 01: Incident Handling Explained
  • Module 02: Incident Response Policy, Plan and Procedure Creation
  • Module 03: Incident Response Team Structure
  • Module 04: Incident Response Team Services
  • Module 05: Incident Response Recommendations
  • Module 06: Preparation
  • Module 07: Detection and Analysis
  • Module 08: Containment, Eradication and Recovery
  • Module 09: Post Incident Activity
  • Module 10: Incident Handling Checklist
  • Module 11: Incident Handling Recommendations
  • Module 12: Coordination and Information Sharing

Labs:

  • Lab 01: Identifying Incident Triggers
  • Lab 02: Drafting Incident Response Procedures
  • Lab 03: Identifying and Planning for Your Dependencies
  • Lab 04: Testing Your Plan and Using a Feedback Loop to Future Proof Your Response
  • Lab 05: Drafting General Security Policies
  • Lab 06: Leveraging SIEM for Advanced Analytics
  • Lab 07: Using Velociraptor to Gather Evidence
  • Lab 08: Creating Request Tracker Workflow
  • Lab 09: Lessons Learned and Documentation
  • Lab 10: Creating an Incident Handling Checklist
  • Lab 11: Drafting Incident Response Recommendations for Improvements
  • Lab 12: Sharing Agreements and Reporting Requirements

Detailed Outline

Module 00: Course Introduction

Module 01: Incident Handling Explained

Section 1: Introduction

Section 2: What is an Incident?

Section 3: What is Incident Handling?

Section 4: Difference Between IH and IR

Section 5: The Incident Response Process

Section 6: Seven Reasons You Must Put Together an Incident Response Plan

Section 7: How to Build an Effective Incident Response Team

Section 8: Considerations for Creating an Incident Response Team

Section 9: Tips for Incident Response Team Members

Module 02: Incident Response Policy, Plan and Procedure Creation

Section 1: Introduction

Section 2: Incident Response Policy

Section 3: Incident Response Plan

Section 4: Incident Response Procedures

Section 5: Sharing Information with Outside Parties

Module 03: Incident Response Team Structure

Section 1: Introduction

Section 2: Team Models

Section 3: Team Model Selection

Section 4: Incident Response Personnel

Section 5: Dependencies within Organizations

Module 04: Incident Response Team Services

Section 1: Introduction

Section 2: Intrusion Detection

Section 3: Advisory Distribution

Section 4: Education and Awareness

Section 5: Information Sharing

Module 05: Incident Response Recommendations

Section 1: Introduction

Section 2: Establish a formal Incident Response Capability

Section 3: Establish Information Sharing Capabilities

Section 4: Building an Incident Response Team

Module 06: Preparation

Section 1: Introduction

Section 2: Threat Hunting

Section 3: Threat Analysis Frameworks

Section 4: Tools and Toolkits

Section 5: Policy

Section 6: Procedures

Section 7: Preventing Incidents

Module 07: Detection and Analysis

Section 1: Attack Vectors

Section 2: Signs of an Incident

Section 3: Sources of Precursors and Indicators

Section 4: Incident Analysis

Section 5: Incident Documentation

Section 6: Incident Prioritization

Section 7: Incident Notification

Module 08: Containment, Eradication and Recovery

Section 1: Selecting the Right Containment Strategy

Section 2: Gathering and Handling Evidence

Section 3: Identifying the Attacking Hosts

Section 4: Eradication and Recovery

Module 09: Post Incident Activity

Section 1: Introduction

Section 2: Lessons Learned

Section 3: Using Collected Incident Data

Section 4: Evidence Retention

Module 10: Incident Handling Checklist

Section 1: Introduction

Section 2: Building Checklists

Module 11: Incident Handling Recommendations

Section 1: Introduction

Section 2: Recommendations

Section 3: Implement Threat Intel

Module 12: Coordination and Information Sharing

Section 1: Introduction

Section 2: Coordination

Section 3: Purple Teaming

Section 4: Information Sharing Techniques

Section 5: Granular Information Sharing

Section 6: Sharing Recommendations

Objective:

Upon completion, Certified Incident Handling Engineer students will be ready to sit for the C)IHE exam.

Exam information:

The exam is taken online through Mile2’s Learning Management System and is accessible from your Mile2.com account. The exam takes approximately 2 hours and consists of 100 multiple choice questions.

A minimum grade of 70% is required for certification.

Your exam is included in the course fee!

Re-certification requirements:

All Mile2 certifications carry a 3-year expiration date.

There are two requirements to maintain Mile2 certification:

  • Pass the most current version of the exam for your respective existing certification
  • Earn and submit 20 CEUs per year in your Mile2 account

1. Who is this course for?

For incident handlers, system and security administrators, security engineers, Active Directory and Microsoft administrators, and penetration testers, as well as anyone who wants to learn how to prepare for, detect, handle and learn from security incidents in line with NIST SP 800-61.

2. What prior knowledge should I have?

Recommended: about 12 months of experience with network technologies, a good understanding of TCP/IP, and Linux knowledge.

3. What will I learn in the course?

A complete IR methodology based on NIST 800-61: preparation, detection and analysis, containment/eradication/recovery, and post-incident activity. You will build processes, roles and checklists, learn coordination and information sharing, and practise tools and techniques for analysis, documentation and reporting, ready for the C)IHE exam.

4. How is the course delivered?

Delivered as a classroom course, live virtual, or in-house/customized. Duration: 5 days, and completing the course earns 40 CEUs. The teaching covers policy/plan/procedures, team structure, recommended measures and practical exercises.

5. Is this course hands-on?

Yes: extensive labs on Mile2’s live Cyber Range, including SIEM analysis, Velociraptor for evidence collection, an RT (Request Tracker) workflow, plan testing with a feedback loop, checklists, recommendations, and sharing agreements/reporting requirements. You leave the course with concrete artifacts and procedures ready for production.

6. How much does the course cost?

The course fee is 35 000 NOK, and the exam is included in the price.

7. What kind of materials do I get?

You get access to Mile2’s digital learning system, official course materials, videos and exercises.

8. Does the course provide certification?

Yes: the course includes the Certified Incident Handling Engineer certification exam.

  • The exam lasts about 2 hours and consists of 100 multiple-choice questions.

  • You need at least 70% correct to pass.

The exam is taken online via Mile2’s learning platform.

9. How long is the certification valid?

The certification is valid for 3 years. To keep it you must:

  1. Pass the latest version of the exam
  2. Earn and register 20 CEUs per year in your Mile2 account

10. Can I attend digitally?

Yes: the course is offered both as a physical classroom course and as a live, virtual course.

11. Can I have the course customized?

Yes: the course can be offered in-house and adapted to your organization’s needs.

12. Can I order the course for my organization?

Yes: we offer in-house courses both physically and virtually.
