Details & Programme
Over the last few years the number of cyber incidents has grown, affecting organisations large and small. High profile incidents such as Sony, TalkTalk, and the Petya and NHS ransomware attacks, have had a major impact on the operations and reputation of the organisations.
"Thankfully, we now live in a world where it is accepted that data breaches happen and organisations are more comfortable disclosing that they have been victim to an attack. However, with this welcome move away from victim blaming, organisations are now being judged more on how well they manage a breach." - Brian Honan, ComputerWeekly
This training course is not a technical response, but looks at the actions organisations can take to prepare themselves, and how they should manage a cyber incident, including very importantly, how to manage communications associated with the incident. It will also look at the types of cyber attacks, the cyber landscape and how to exercise your cyber response plan.
Delegates will learn how to prepare their organisation, how to develop an effective response and how to manage an incident should it occur.
The course is based on good practice from a variety of government and private organisations. This course has been certified by GCHQ and is the only certified course which deals with reputational issues associated with the preparing for and responding to a cyber incident.
Day 1
| Start | Finish | Subject Area | Detail |
|---|---|---|---|
| 0900 | 0940 | Introductions and introductory exercise | |
| 0940 | 1120 | Module 1: Cyber Threats and Landscape | Definitions
Number of different case studies Different types of cyber threats Who are the different threat actors? What are the threat vectors Cyber incident impacts Cyber threats to your industry |
| 1120 | 1135 | Break | |
| 1135 | 1155 | Cyber video and discussion | |
| 1155 | 1240 | Module 2: Prepare - Understanding your vulnerabilities and risks | Understanding your organisation’s vulnerabilities
Questions to ask to understand your information security culture, cyber preparation and awareness Incident reporting helpline Measuring cyber preparation and maturity Understanding what you have to lose and conducting a cyber data risk assessment |
| 1240 | 1325 | Lunch | |
| 1325 | 1455 | Module 3: Prepare - Developing a cyber incident response framework | Reviewing and developing your cyber policy and guidance
Developing a cyber incident response team Developing scenario responses Developing decision and scenario based playbooks Third party support, insurance and cyber intelligence |
| 1455 | 1605 | Module 4: Prepare - Awareness and Cyber Exercises | What do senior managers need to know about cyber
Cyber exercise scenarios Styles of exercises Exercising at different levels within the organisation Making exercises realistic Hints and tips for successful exercises |
| 1605 | 1630 | Review of the day |
Please note timings are indicative as the exact timings for each day may change due to students interest and experience in certain subjects. The course may finish earlier than 4.30pm if all topics have been covered.
Day 2
| Start | Finish | Subject Area | Detail |
|---|---|---|---|
| 0900 | 0930 | Review of day one | |
| 0930 | 1015 | Module 5: Respond - Overview of incident management and technical cyber response | Incident response overview - what are we trying to achieve Difference between a cyber and a 'normal' incident |
| 1015 | 1045 | Technical Cyber Response | React, Respond, Resolve framework for managing
incidents
Identifying the cyber incident Triaging incidents Cyber impact assessment Kill Chains and Diamond Model Forensics, investigations and third-party response |
| 1045 | 1100 | Break | |
| 1100 | 1200 | Module 6: Respond - Executive Incident Management | Situational awareness and OODA loop
Use of situation - direction - action Incident decision making Information management Setting of incident objectives Statutory and regulatory reporting including GDPR requirements |
| 1200 | 1230 | Module 7: Respond - Crisis Communications and Reputation Management | Communications case study- Equifax Communications pre-incident preparation Managing your organisation's communications with customers, stakeholders and the media Stakeholder information requirements Developing a communications strategy Cyber attack 'victim or villain' |
| 1230 | 1315 | Lunch | |
| 1315 | 1415 | Communications continued | |
| 1415 | 1445 | Module 8: Recovery - Using existing BC plans to recover operations | Use of existing business continuity plans, DR and crisis plans to help lessen the impact of the incident |
| 1445 | 1600 | Final response exercise | Exercise Athena - opportunity to bring all the knowledge together during an exercise |
| 1600 | 1630 | Course Review and final points |
Please note timings are indicative as the exact timings for each day may change due to students interest and experience in certain subjects. The course may finish earlier than 4.30pm if all topics have been covered.
Download a PDF of the course details >
Course Benefits
Completing this course will enable you to:
- Understand the different types of cyber attack and cyber incident landscape
- Look at the preparation which can be carried out prior to a cyber incident occurring
- Create a cyber playbook
- Identify the responses and issues associated with responding to a cyber attack
- Plan and run a cyber exercise
What are the benefits of choosing GCHQ Certified Training (GCT)?
- Individuals and organisations can easily and quickly identify high quality, relevant training
- The course materials have been rigorously assessed against the exacting standards of GCHQ
- The quality of the trainers’ delivery and the course administration has been quality checked
- GCT is based on the industry-respected IISP Skills Framework
- GCT is invaluable for anyone seeking to acquire or improve their cyber security skills, including those seeking the NCSC's Certified Professional status (CCP)
- GCT certified courses identify training which delivers what it says it will
Who Should Attend?
- Business continuity and resilience managers
- IT managers
- CIOs and CTOs
- Crisis managers
- Members of crisis management teams or those responsible for crisis management and crisis communications
In-house Options
Please contact the BC Training team on 01253 542650 or email info@b-c-training.co.uk, should you wish to discuss options for delivering this course in-house at your organisation.
Download Details
Testimonials
“Charlie [Maclean-Bristol] was a great tutor, both knowledgeable and approachable. A great course!”
Gary Stevenson
Student Loans Company2020
