ECIH

Understand the essential information security concepts

Explain information security threats and attack vector

Understand the information security incidents

Explain the incident handling and response process

Perform a vulnerability assessment

Perform a threat assessment

Explain the risk management process

Implement incident response automation and orchestration

Identify the best practices for incident handling and response

Understand different standards and frameworks related to incident handling

Explain the importance of laws related to incident handling

Identify various cyber security laws that may influence incindent handling

Define the incident handling and response process

Understand the preparation for incident handling and response

Explain the incident recording and assigment

Understand the incident triage process

Understand the steps for notification and containment

Assess the methods used for evidence gathering and forensics analysis

Explain eradication and recovery procedures

Understand the post-incident activities

Understand the essential concepts of computer forensics

Explain the computer forensics investigation process

Understand the importance of forensic readiness and forensic readiness procedures

Explain the importance of first response and the roles of the first responder

Understand the different types, characteristics, and roles of digital evidence

Explain the principles of digital evidence collection

Understand how to collect, preserve, and secure digital evidence

Describe various data acquisition methods

Implement volatile evidence collection methods

Implement static evidence collection methods

Perform evidence analysis using various forensic analysis tools

Understand various anti-forensic techniques

Understand the concept of malware incident response

Define different types of malware and their methods of propagation

Discuss the preparation required to handle malware incidents

Detect malware from live systems, memory dumps and intrusions

Illustrate containment of malware incidents

Explain the eradication methodology

Explain steps to follow to recover after malware incidents

Define guidelines to prevent malware incidents

Understand email security incidents

Explain different types of email attacks and their impacts

Discuss the preparation required to handle email incidents

Identify email attacks

Detect phishing and spam emails

Contain email attacks

Devise methods of eradicating email incidents

Explain steps for recovery after email incidents

Use Cases Across all SIEM deployments

Handling Alert Triaging and Analysis

Identify the common network security incidents

Understand the need for network security incident handling and response

Discuss the preparation requierd for handling network security incidents

Explain how to detect and validate network security incidents

Respond to various network security incidents

Understand Wireless network understand and DoS attacks

Contain network security incidents

Devise methods for eradicating network security incidents

Describe the steps to recover after network securirty incidents

Understand web application architecture and incident handling process

Explain various web application threats and attacks

Discuss the preparation steps required to handle web application security incidents

Understand how to detect and analyze web application security incidents

Identify various indicators of web application security incidents

Implement log analysis tools to detect and analyze web application security incidents

Explain various containment methods and tools for web application security incidents

Understand how to eradicate various web application attacks

Discuss various stepts to recover from web application security incidents

Describe various best practices for security web applications

Understand the concept and types of insider threats

Describe the driving forces behind insider attacks

Understand the importance of handling inisider threats

Discuss the preparation required to handle insider threats

Recognize potential indicators of insider threat

Understand how to detect and analyze insider threats

Implement insider threat detection tools

Explain containment steps for insider threats

Understand how to eradicate and recover from insider threats

Identify various best practices to prevent insider threats