Details & Programme

This training course is not a technical response, but looks at the actions organisations can take to prepare themselves, and how they should manage a cyber incident, including very importantly, how to manage communications associated with the incident. It will also look at the types of cyber attacks, the cyber landscape and how to exercise your cyber response plan.

Delegates will learn how to prepare their organisation, how to develop an effective response and how to manage an incident should it occur.

This course was initially delivered over one day, however due to overwhelming student feedback, it has been expanded to a two day course. The course is based on good practice from a variety of government and private organisations.

Day 1

Start	Finish	Subject Area	Detail
0900	0940	Introductions and introductory exercise
0940	1120	Module 1: Cyber Threats and Landscape	Definitions Number of different case studies Different types of cyber threats Who are the threat actors? What are the threat vectors? Cyber incident impacts Threats to different industries
1120	1135	Break
1135	1155	Cyber video and discussion
1155	1240	Module 2: Prepare - Understanding your vulnerabilities and risks	Understanding your organisation’s vulnerabilities Questions to ask to understand your information security culture, cyber preparation and awareness Incident reporting helpline Measuring cyber preparation and maturity Understanding what you have to lose when conducting a cyber data risk assessment
1240	1325	Lunch
1325	1455	Module 3: Prepare - Developing a cyber incident response framework	Reviewing and developing your cyber policy and guidance Developing a cyber incident response team Developing scenario responses Developing decision and scenario based playbooks Third party support insurance and cyber intelligence
1455	1555	Module 4: Prepare - Awareness and Cyber Exercises	Prompting staff awareness Cyber exercise scenarios Styles of exercises Exercising at different levels within the organisation Making exercises realistic Hints and tips for successful exercises
1555	1630	Review of the day

Day 2

Start	Finish	Subject Area	Detail
0900	0930	Review of day one
0930	1015	Module 5: Respond - Overview of incident management and technical cyber response	Incident response overview - what are we trying to achieve? Difference between a cyber and a 'normal' incident
1015	1045	Technical Cyber Response	React, Respond, Resolve framework for managing incidents Identifying the cyber incident Triaging incidents Cyber impact assessment Kill Chains and Diamond Model Forensics, investigations and third-party response
1045	1100	Break
1100	1200	Module 6: Respond - Executive Incident Management	Situational awareness and OODA loop Use of situation - direction - action Incident decision making Information management Setting of incident objectives Statutory and regulatory reporting including GDPR requirements
1200	1230	Module 7: Respond - Crisis Communications and Reputation Management	Communications case study Communications pre-incident preparation Managing your organisation's communications with customers, stakeholders and the media Stakeholder information requirements Developing a communications strategy Cyber attack 'victim or villain'
1230	1315	Lunch
1315	1415	Communications continued
1415	1445	Module 8: Recovery - Using existing BC plans to recover operations	Use of existing business continuity plans, DR and crisis plans to help lessen the impact of the incident
1445	1530	Final response exercise
1530	1630	Course Review

Download a PDF of the course details >