Details & Programme
This training course is not a technical response, but looks at the actions organisations can take to prepare themselves, and how they should manage a cyber incident, including very importantly, how to manage communications associated with the incident. It will also look at the types of cyber attacks, the cyber landscape and how to exercise your cyber response plan.
Delegates will learn how to prepare their organisation, how to develop an effective response and how to manage an incident should it occur.
This course was initially delivered over one day, however due to overwhelming student feedback, it has been expanded to a two day course. The course is based on good practice from a variety of government and private organisations.
|0900||0940||Introductions and introductory exercise|
|0940||1120||Module 1: Cyber Threats and Landscape||Definitions
Number of different case studies
Different types of cyber threats
Who are the threat actors?
What are the threat vectors?
Cyber incident impacts
Threats to different industries
|1135||1155||Cyber video and discussion|
|1155||1240||Module 2: Prepare - Understanding your vulnerabilities and risks||Understanding your organisation’s vulnerabilities
Questions to ask to understand your information security culture, cyber preparation and awareness
Incident reporting helpline
Measuring cyber preparation and maturity
Understanding what you have to lose when conducting a cyber data risk assessment
|1325||1455||Module 3: Prepare - Developing a cyber incident response framework||Reviewing and developing your cyber policy and guidance
Developing a cyber incident response team
Developing scenario responses
Developing decision and scenario based playbooks
Third party support insurance and cyber intelligence
|1455||1555||Module 4: Prepare - Awareness and Cyber Exercises||Prompting staff awareness
Cyber exercise scenarios
Styles of exercises
Exercising at different levels within the organisation
Making exercises realistic
Hints and tips for successful exercises
|1555||1630||Review of the day|
|0900||0930||Review of day one|
|0930||1015||Module 5: Respond - Overview of incident management and technical cyber response||Incident response overview - what are we trying to achieve?
Difference between a cyber and a 'normal' incident
|1015||1045||Technical Cyber Response||React, Respond, Resolve framework for managing
Identifying the cyber incident
Cyber impact assessment
Kill Chains and Diamond Model
Forensics, investigations and third-party response
|1100||1200||Module 6: Respond - Executive Incident Management||Situational awareness and OODA loop
Use of situation - direction - action
Incident decision making
Setting of incident objectives
Statutory and regulatory reporting including GDPR requirements
|1200||1230||Module 7: Respond - Crisis Communications and Reputation Management||Communications case study
Communications pre-incident preparation
Managing your organisation's communications with customers, stakeholders and the media
Stakeholder information requirements
Developing a communications strategy
Cyber attack 'victim or villain'
|1415||1445||Module 8: Recovery - Using existing BC plans to recover operations||Use of existing business continuity plans, DR and crisis plans to help lessen the impact of the incident|
|1445||1530||Final response exercise|
Completing this course will enable you to:
- Understand the different types of cyber attack and cyber incident landscape
- Look at the preparation which can be carried out prior to a cyber incident occurring
- Create a cyber playbook
- Identify the responses and issues associated with responding to a cyber attack
- Plan and run a cyber exercise
Who Should Attend?
- BC and resilience managers
- IT managers
- Members of crisis management teams or those responsible for crisis management
MA (Hons), PgD, FBCI, FEPS, CBCI
Please contact the BC Training team on 01253 542650 or email firstname.lastname@example.org, should you wish to discuss options for delivering this course in-house at your organisation.