Details & Programme

This training course is not a technical response, but looks at the actions organisations can take to prepare themselves, and how they should manage a cyber incident, including very importantly, how to manage communications associated with the incident. It will also look at the types of cyber attacks, the cyber landscape and how to exercise your cyber response plan. 

Delegates will learn how to prepare their organisation, how to develop an effective response and how to manage an incident should it occur.

This course was initially delivered over one day, however due to overwhelming student feedback, it has been expanded to a two day course. The course is based on good practice from a variety of government and private organisations.

Day 1

Start	Finish	Subject Area	Detail
0900	1000	Introduction
1000	1045	Module 1 - Cyber incident landscape and threats	Number of cyber case studies  What are the different types of cyber threats? Who are the threat actors? What are the threat vectors?     Cyber incident impacts Similarities and differences when comparing cyber incidents to other crisis events
1045	1100	Break
1100	1230	Module 2 - Prepare	Technical preparation and different defence strategies Regulatory framework and organisations involved in cyber response  Cyber risk assessment, understanding your organisation's vulnerability and level of preparedness External help available: cyber insurance, intelligence and technical response consultants
1230	1330	Lunch
1330	1530	Module 3 - Prepare cont.	Reviewing and developing your cyber policy and guidance Developing cyber incident management response plans and playbooks How cyber fits with existing IT service continuity plans, crisis management, business continuity and disaster recovery plans
1530	1540	Break
1540	1700	Module 4 - Group Work	Group work – Understanding the threats and levels of preparedness

Day 2

Start	Finish	Subject Area	Detail
0900	0930	Review of day one
0930	1045	Module 5 - Response	React, Respond, Resolve framework for managing cyber incidents Identifying a cyber incident Cyber impact assessment Reporting to regulatory bodies  Ransomware, to pay or not to pay? Recovery actions
1045	1100	Break
1100	1230	Module 6 - Response (Communications during a cyber incident)	Communications case study Managing your organisation's communications with customers, stakeholders and the media Developing a communications strategy Cyberattack victim or villain?
1230	1330	Lunch
1330	1515	Module 7 - Exercising Cyber Plans	Developing a cyber exercise Cyber exercise scenarios Styles of exercise Exercising different levels within the organisation Simulating the threat Making exercises realistic Hints and tips for successful exercises
1515	1530	Break
1530	1630	Module 8 - Practical exercise	Hands-on, running a cyber exercise
1630	1700	Course review

Download a PDF of the course details >