Course Duration

24.0 hr(s)

Mode of Assessment

  • Students will be required to complete a written assessment during class. There are 2 assessment modes in this module: Short Answer Question and Case Study

  • External Certification Exam
    • After completing the course, students can proceed to undertake the EC Council Certified Ethical Hacker exam. NTUC LHUB will issue an exam voucher and candidates may proceed to book the official “EC-Council Certified Incident Handler (ECIH)” exam (valid for 1 year after you have submitted course evaluation via Aspen Portal)

Who Should Attend

  • Penetration Testers
  • Vulnerability Assessment Auditors
  • Risk Assessment Administrators
  • Network Administrators
  • Application Security Engineers
  • Cyber Forensic Investigators/ Analyst and SOC Analyst
  • System Administrators/Engineers
  • Firewall Administrators and Network Managers/IT Managers

Course Overview

The 3-day course EC-Council Certified Incident Handler (ECIH) provides a structured approach to learning real-world incident handling and response requirements.

This program addresses all the stages involved in incident handling and the response process to enhances your skills as an incident handler and responder, increasing your employability. This approach makes ECIH one of the most comprehensive incident handling and response related certifications on the market today.

The skills taught in EC-Council’s ECIH program are desired by cybersecurity professionals from around the world and is respected by employers.

ECIH is a specialist-level program that caters to mid-level to high-level cybersecurity professionals.

Course Schedule

Next available schedule

Course Objectives

Cybersecurity Professionals interested in pursuing incident handling and response as a career require comprehensive training that not only imparts concepts but also allows them to experience real scenarios. The ECIH program includes hands-on learning delivered through labs within the training program. True employability after earning a certification can only be achieved when the core of the curricula maps to and is compliant with government and industry-published incident and response frameworks.

The Certified Incident Handler prepares a security professional to work as an Incident Handler. ECIH training confirms the capacities of an analyst to not only detect incidents, but also quickly manage and respond holistically to these incidents.

Skills that Participants will Gain from this Course:

  • Understand the key issues plaguing the information security world
  • Learn to combat different types of cybersecurity threats, attack vectors, threat actors and their motives
  • Learn the fundamentals of incident management including the signs and costs of an incident
  • Understand the fundamentals of vulnerability management, threat assessment, risk management, and incident response automation and orchestration
  • Master all incident handling and response best practices, standards, cybersecurity frameworks, laws, acts, and regulations
  • Decode the various steps involved in planning an incident handling and response program
  • Gain an understanding of the fundamentals of computer forensics and forensic readiness
  • Comprehend the importance of the first response procedure including evidence collection, packaging, transportation, storing, data acquisition, volatile and static evidence collection, and evidence analysis
  • Understand anti-forensics techniques used by attackers to find cybersecurity incident cover-ups
  • Apply the right techniques to different types of cybersecurity incidents in a systematic manner including malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, and insider threat-related incidents


Knowledge, Skills & Experience

It is recommended that the participant have at least 1 years of relevant working experience in IT industry with knowledge in the area of Ethical Hacking / network security.

Recommended courses prior to taking ECIH:

  • CompTIA A+
  • CompTIA Network +
  • CompTIA Security+
  • ISACA Cybersecurity Fundamentals
  • Identity and Access Management Essentials (SF)
  • EC-Council Certified Network Defender (CND) (SF)

Recommended for Career Path Advancement

  • EC Council Computer Hacking Forensic Investigator (CHFI) (For Incident Response and Forensics)
  • EC Council Certified Incident Handler (ECIH) (For Incident Response and Forensics)
  • EC Council Certified SOC Analyst (CSA) (For SOC Operations)
  • Cisco CCNA Cyber Security Operations (For SOC Operations)
  • ISC2 Certified Information Systems Security Professional (CISSP) (For Security Engineer)
  • Certificate of Cloud Auditing Knowledge (CCAK) (For Cloud Security)
  • ISC2 Certified Cloud Security Professional (CCSP) (For Cloud Security)

Hardware & Software
This course will be conducted as a Virtual Live Class (VLC) via Zoom platform. Participants must own a zoom account and have a laptop or a desktop with “Zoom Client for Meetings” installed. This can be downloaded from

System Requirement

Must Have:

Please ensure that your computer or laptop meets the following requirements.

  • Operating system: Windows 10 or MacOS (64 bit or above)
  • Processor/CPU: 1.8 GHz, 2-core Intel Core i3 or higher
  • Minimum 20 GB hard disk space.
  • Minimum 8 Gb RAM
  • Webcam (The camera must be turned on for the duration of the class)
  • Microphone
  • Internet Connection: Wired or Wireless broadband
  • Latest version of Zoom software to be installed on computer or laptop prior to the class.

Good to Have:

  • Wired internet connection
    Wired internet will provide you with stable and reliable connection.
  • Dual monitors
    Using a dual monitor setup will undoubtedly improve your training experience, enabling you to simultaneously participate in hands-on exercises and maintain engagement with your instructor.>

Not Recommended:

Using tablets is not recommended due to their smaller screen size, which could cause eye strain and discomfort over the course of the program's duration.

Course Outline

Session 1 – Introduction to Incident Handling and Response

Session 2 – Incident Handling and Response Process

Session 3 – Forensic Readiness and First Response

Session 4 – Handling and Responding to Malware Incidents

Session 5 – Handling and Responding to Email Security Incidents

Session 6 – Handling and Responding to Network Security Incidents Learning

Session 7 – Handling and Responding to Web Application Security Incidents

Session 8 – Handling and Responding to Cloud Security Incidents

Session 9 – Handling and Responding to Insider Threats

Certificate Obtained and Conferred by

  • Certificate of Completion from NTUC LearningHub

Upon meeting at least 75% attendance and passing the assessment(s), participants will receive a Certificate of Completion from NTUC LearningHub.

  • Statement of Attainment (SOA) from SkillsFuture Singapore

Upon meeting at least 75% attendance and passing the assessment(s), participants will receive a SOA from SkillsFuture Singapore to certify that the participant has achieved the following Competency Standard(s):

ICT-OUS-3003-2.1 Cyber and Data Breach Incident Management

  • External Certification

After completing this course and upon passing the official “EC-Council Certified Incident Handler (ECIH)” certification exam, candidates will receive the official certification from EC Council. The certification is governed and maintained by EC Council. For more information:

Additional Details

After registering for this course, you will be issued the following:

1. EC Council Official E-Courseware (valid for 24 months, after you have registered an Aspen account and entered the subscription access code issued to you via email)

2. EC Council Official iLab (access for 6 months), practice what you have learned from class using iLab hosted over cloud and accessible 24/7 via web browser.

3. EC Council 1 x Exam Voucher (valid for 1 year after you have submitted course evaluation via Aspen Portal)

4. Certificate of Attendance (after you have submitted course evaluation via Aspen Portal)

5. Certificate of Award (after you have passed the exam which will be proctored at NTUC LearningHub)

Trainer: Trainee Ratio is 1: 20


Course Fee and Government Subsidies

Individual Sponsored

Company Sponsored



Before GST

With GST

Before GST

With GST

Before GST

With GST

For International Students (Full Course Fee) 







For Singapore Citizens and PRs aged 21 years and above 







For Singapore Citizens aged 40 years and above  








Individual Sponsored Trainee

Company Sponsored Trainee

SkillsFuture Credit:

  • Eligible Singapore Citizens can use their SkillsFuture Credit to offset course fee payable after funding.


  • This course is eligible for Union Training Assistance Programme (UTAP).
  • NTUC members can enjoy up to 50% funding (capped at $250 per year) under UTAP.

Absentee Payroll (AP) Funding:

  • $4.50 per hour, capped at $100,000 per enterprise per calendar year.
  • AP funding will be computed based on the actual number of training hours attended by the trainee.
  • Note: Courses / Modules under Professional Conversion Programme (PCP) will not be eligible for AP funding claim.


Terms & Conditions apply. NTUC LearningHub reserve the right to make changes or improvements to any of the products described in this document without prior notice.

Prices are subject to other LHUB miscellaneous fees.

What Others Also Enrolled In