
An incident handler’s guidebook to recover after a data-breach

Who is an incident handler?

In the event of a cyber incident, an incident handler is responsible for planning, managing, coordinating, and communicating with other staff to contain and mitigate the after-effects of the incident. An incident handler is needed whenever an organization has an online presence that collects and stores sensitive data and/or is susceptible to a security breach.

Two must-have skills of an incident handler

1. They handle and respond to cloud security incidents

The latest reports show that the use of cloud solutions in organizations has increased by 54.6%. With this spike in the adoption of cloud-based services, it is imperative that organizations are equipped to handle any cyber incidents related to the cloud, especially given the 300% increase in cloud-based attacks reported by Microsoft in 2017.

Module 8 of EC-Council Certified Incident Handler (E|CIH) is dedicated to ‘Handling and Responding to Cloud Security Incidents.’ It also introduces cloud-based attack detection tools like Tripwire.

2. They handle and respond to email security incidents

The importance of email security has risen immensely over the years, with spear phishing attacks accounting for 91% of all cyberattacks. Such attacks require a skilled incident handler to deal with the situation. The incident handler must be well-versed in the various phishing scenarios and other email security threats. They should be able to implement powerful anti-phishing tools and devise a strong strategy to deal with these incidents.

Module 5 of E|CIH, ‘Handling and Responding to Email Security Incidents,’ trains you to handle all types of phishing attacks. The module separately covers two of the most critical anti-phishing tools, which are Gophish and SPAMfighter.

5 Steps to handle a cyber incident

Maintaining an incident handling plan is critical to ensuring a well-rounded incident handling and response capability. Here is the five-step process laid out by the ISO/IEC 27035 standard.

Step 1: Prepare

Dealing with the many forms of cyber incident requires preparation. This means having a dedicated team in place before an incident occurs.

Step 2: Identify

Identifying an incident early is critical to handling it efficiently. All suspicious activity must be reported immediately.

Step 3: Assess

The incident must first be assessed so that a suitable plan can be determined. Categorizing the incident helps the team decide what action must be taken.

Step 4: Respond

Based on the assessment, appropriate steps must be taken to ensure business continuity and minimal loss.

Step 5: Learn

Documenting the incident in detail is essential for future reference.

Tips for a professional incident handler

1. Maintain checklists and templates:

Have different checklists and templates in place; they will be useful during operational maintenance and response. The team might need to deal with different configurations, which requires separate guides for start-up, shutdown, restoration, and more.

2. Report financial metrics:

Report financial metrics to management and the relevant stakeholders. They should be aware of the recovery cost savings and the level of productivity.

3. Regularly test and update the IH&R plan:

Regularly test and evaluate your IR plan. It is crucial that you analyze what did and did not go well with the existing plan. To check your IR plan, you can start with a paper test, then tabletop exercises, and finally simulated attacks.

Do you want to be an incident handler and work on a containment plan to reduce the cost of damage and mitigate further incidents? Join the industry-recognized credential program, EC-Council Certified Incident Handler (E|CIH). The latest iteration of the E|CIH program has been developed in collaboration with cybersecurity and incident handling and response practitioners across the globe.

What does an incident handler do?

Incident handlers are responsible for managing the chaotic situation that follows a cyber attack. They plan, manage, coordinate, and communicate with other staff to contain and mitigate the after-effects of an incident. All of an incident handler's job responsibilities must comply with the organization's existing incident response plan (IRP).

Read more: 4 Types of incidents that a proactive incident handler should be able to address 

What are the six steps of an incident response plan?

Phase I—Preparation
Phase II—Identification
Phase III—Containment
Phase IV—Eradication
Phase V—Recovery
Phase VI—Lessons Learned

Read more: Phases of an incident response plan

What is an incident response plan?

An Incident Response Plan is a detailed document describing every step an incident handler should follow if the business falls victim to a cyber threat.

Read more: Best incident response practices for your organization
