Maxtrain.com - [email protected] - 513-322-8888 - 866-595-6863


Certified Incident Handling Engineer



Prepare for the Certified Incident Handling Engineer exam and learn how to plan, create, and utilize your systems in order to prevent, detect, and respond to security breaches. In this course you will learn the common attack techniques, vectors, and tools used by hackers, so you can effectively prevent, detect, and respond to them. This course is ideal for those who lead incident handling teams or are part of an incident handling team. Certified Incident Handling Engineer is:

  • accredited by the NSA’s CNSS 4011-4016
  • approved on Homeland Security NICCS training schedule
  • on the FBI’s preferred cyber security certification requirements.

Every business connected to the internet is getting probed by hackers trying to gain access. The ideal situation is to prevent this from happening, but realistically every business needs to know how to detect and resolve security breaches. Certified Incident Handlers are prepared to handle these situations effectively.

In this course you will be fully engaged with numerous hands-on laboratory exercises that focus on topics such as reconnaissance, vulnerability assessments using Nessus, network sniffing, web application manipulation, malware, and using Netcat, plus several additional scenarios for both Windows and Linux systems. The 20 hours of experience in our labs is what will put you ahead of the competition and set you apart as a leader in incident handling.

Upon Completion

You will:

  • Have knowledge to detect security threats, risk, and weaknesses.
  • Have knowledge to plan for prevention, detection, and responses to security breaches.
  • Have knowledge to accurately report on your findings from examinations.
  • Be ready to sit for the C)IHE Certification Exam

With 13 modules and 14 Labs, the C)IHE will prepare you to handle the toughest incidents of security breaches because you will have knowledge and experience under your belt.

Exam Information

The Certified Incident Handling exam is taken online through Mile2’s Learning Management System and is accessible on your Mile2.com account. The exam will take approximately 2 hours and consist of 100 multiple choice questions.

A minimum grade of 70% is required for certification.

About our Mile2 Courses:

  • Mile2 is Accredited by the NSA-CNSS, Approved by Homeland Security NICCS Framework, and is on the FBI’s Tier 1-3 Certification Training Chart.
  • DOD 8140: Mile2 Courses are mapped to the new Department of Defense 8140 Initiative.





Chapter 1:  Incident Handling Explained  

  1. What is an incident?
  2. What is Incident Handling?
  3. Difference between IH and IR
  4. The Incident Response Process
  5. Seven reasons you must put together an incident response plan
  6. How to build an effective incident response team
  7. Considerations for Creating an Incident Response team
  8. Tips for incident response team members

Chapter 2:  Incident Response Policy, Plan, and Procedure Creation 

  1. Incident Response Policy
  2. Incident Response Plan
  3. Incident Response Procedures
  4. Sharing Information with Outside Parties

Chapter 3:  Incident Response Team Structure

  1. Team Models
  2. Team Model Selection
  3. Incident Response Personnel
  4. Dependencies within Organizations

Chapter 4:  Incident Response Team Services              

  1. Intrusion Detection
  2. Advisory Distribution
  3. Education and Awareness
  4. Information Sharing

Chapter 5:  Incident Response Recommendations   

  1. Introduction
  2. Establish a formal incident response capability
  3. Establish Information Sharing capabilities
  4. Building an Incident Response Team

Chapter 6:  Preparation      

  1. Tools and Toolkits
  2. Policy
  3. Procedures
  4. Preventing Incidents

Chapter 7:  Detection and Analysis 

  1. Attack Vectors
  2. Signs of an Incident
  3. Sources of Precursors and Indicators
  4. Incident Analysis
  5. Incident Documentation
  6. Incident Prioritization
  7. Incident Notification

Chapter 8:  Containment, Eradication, and Recovery     

  1. Selecting the Right Containment Strategy
  2. Gathering and Handling Evidence
  3. Identifying the Attacking Hosts
  4. Eradication and Recovery

Chapter 9:  GRR Rapid Response

  1. What is GRR?
  2. Installing GRR server
  3. Deploying GRR clients
  4. Investigating with GRR

Chapter 10:  Request Tracker for Incident Response              

  1. Request Tracker
  2. Request Tracker for Incident Response

Chapter 11:  Post-Incident Activity

  1. Lessons Learned
  2. Using Collected Incident Data
  3. Evidence Retention

Chapter 12:  Incident Handling Checklist 

  1. Building Checklists

Chapter 13:  Incident Handling Recommendation

  1. Recommendations

Chapter 14:  Coordination and Information Sharing     

  1. Coordination
  2. Information Sharing Techniques
  3. Granular Information Sharing
  4. Sharing Recommendations


Detailed Lab Outline:

Lab Introduction – Recording IPs and Logging In

Lab 1 – Identifying Incident Triggers

  • Explaining Centers of Gravity and how to Identify them
  • Identifying Security Events within your Center of Gravity
  • Defining Incident Triggers from the Security Events     
  • Lab 1 Worksheet

Lab 2 – Drafting Incident Response Procedures

  • Logistics
  • Required Actions
  • Summary
  • Lab 2 Worksheet

Lab 3 – Identifying and Planning for your dependencies

  • Internal Dependencies
  • External Dependencies
  • Summary
  • Lab 3 Worksheet

Lab 4 – Testing your plan and using a feedback loop to future proof your response

  • Identifying metrics and implementing a feedback loop
  • Lab 4 Worksheet

Lab 5 – Drafting General Security Policies

  • Acceptable Use Policy

Lab 6 – Practicing Different Attack Vectors

  • Brute Force
  • Command Injection

Lab 7 – Deploy GRR Client and Gather Evidence

  • Deploy GRR Client
  • Gather Evidence from our GRR Client

Lab 8 – Creating Request Tracker Workflow

  • Request Tracker
  • Request Tracker for Incident Response

Lab 9 – Lessons Learned and Documentation

  • Lessons Learned Presentation

Lab 10 – Creating an Incident Handling Checklist

  • Create a Checklist

Lab 11 – Drafting Incident Response Recommendations for Improvements

  • Create a Memo for Improvements and Changes

Lab 12 – Sharing Agreements and Reporting Requirements

  • Questions about your organization’s information sharing


  • 12 months network technologies

  • Sound knowledge of networking and TCP/IP

  • Linux knowledge is essential.


  • Penetration Testers
  • Microsoft Administrator
  • Security Administrators
  • Active Directory Administrators
  • Anyone looking to learn more about security

5 Days Course

Class Dates

Remote Live

This class runs from 09:00 AM to 05:00 PM EST