Incident Handler

The threat of cybercrime is the new reality and major concern for enterprises worldwide. Unfortunately, most organizations, don’t have a proactive approach to information security. Alarmingly, 76% of organizations globally do not have an Incident Response plan, making it difficult for them to reliably identify, contain and recover from a cyber-attack. An incident response plan prepares enterprises for both known and unknown threats.

Star Incident Handler Expert is a comprehensive certification training program designed to help learners acquire skills required to manage enterprise security incidents by understanding common attack techniques, vectors and tools, while avoiding common errors; thus, increasing both the effectiveness and efficiency of their incident response efforts.

The program introduces the learners to various incidents related to computer/information security, detailing all the aspects of incident handling from proper incident response management, to risk assessment and mitigation, to the techniques, policies and laws, further, to creating a proper incident response and recovery system for future. The purpose of SIHE is to help the learners master the skills they need to establish a successful career as an Incident Handler.


  • Intermediate

Course Objectives

In this course, you will learn about:

  • How to prepare secure incident response system and understand the threats associated with such systems
  • How to implement incident response system to prepare its defence against attacks
  • Creating recovery plan based on the past attacks and threats
  • Various network security incidents and malicious code incidents
  • Internal threats and how to manage them

Course Outcome

After competing this course, you will be able to:

  • Explain incident response in an enterprise environment
  • Develop an incident response plan and a response team
  • List the policies and laws related to incident handling
  • Manage the computer security related incidents and prepare for future risk mitigation, from malicious code attacks and threats associated
  • Help organizations built their own Incident Management Systems
  • Design a recovery plan and manage internal threats

Table Of Contents Outline

  • Exploring Incident Response System and Risk Analysis
  • Exploring Incident Handling Policies and Law
  • Exploring Incident Response Handling and Creating an Incident Response Team
  • Creating Incident Recovering Planning Documents
  • Use of Forensic Analysis in Incident Response
  • Identifying and Controlling Network Security Incidents
  • Identifying and Controlling Malicious Code Incidents
  • Managing Internal Threats


  • Lab 1 - How to implement GNU Privacy Guard (GnuPG)?
  • Lab 2 - How to perform Network Traffic Monitoring and Auditing using Ntopng and Nessus Home
  • Lab 3 - How to perform Network Traffic Monitoring and Auditing using Wireshark?
  • Lab 4 - How to perform Network Auditing using Snort
  • Lab 5 - How to Protect Network using iptables?
  • Lab 6 - How to perform Employee Monitoring by Spytech SpyAgent?
  • Lab 7 - How to Perform Forensic Analysis on Linux using Various Commands?
  • Lab 8 - How to use Sysinternals Suite to perform Forensic Analysis?