Details & Programme

Over the last few years the number of cyber incidents has grown, affecting organisations large and small. High profile incidents such as Sony, TalkTalk, and the Petya and NHS ransomware attacks, have had a major impact on the operations and reputation of the organisations.

"Thankfully, we now live in a world where it is accepted that data breaches happen and organisations are more comfortable disclosing that they have been victim to an attack. However, with this welcome move away from victim blaming, organisations are now being judged more on how well they manage a breach." - Brian Honan, ComputerWeekly

This training course is not a technical response, but looks at the actions organisations can take to prepare themselves, and how they should manage a cyber incident, including very importantly, how to manage communications associated with the incident. It will also look at the types of cyber attacks, the cyber landscape and how to exercise your cyber response plan.

Delegates will learn how to prepare their organisation, how to develop an effective response and how to manage an incident should it occur.

The course is based on good practice from a variety of government and private organisations. This course has been certified by GCHQ and is the only certified course which deals with reputational issues associated with the preparing for and responding to a cyber incident.

Day 1

Start	Finish	Subject Area	Detail
0900	0940	Introductions and introductory exercise
0940	1120	Module 1: Cyber Threats and Landscape	Definitions Number of different case studies Different types of cyber threats Who are the different threat actors? What are the threat vectors Cyber incident impacts Cyber threats to your industry
1120	1135	Break
1135	1155	Cyber video and discussion
1155	1240	Module 2: Prepare - Understanding your vulnerabilities and risks	Understanding your organisation’s vulnerabilities Questions to ask to understand your information security culture, cyber preparation and awareness Incident reporting helpline Measuring cyber preparation and maturity Understanding what you have to lose and conducting a cyber data risk assessment
1240	1325	Lunch
1325	1455	Module 3: Prepare - Developing a cyber incident response framework	Reviewing and developing your cyber policy and guidance Developing a cyber incident response team Developing scenario responses Developing decision and scenario based playbooks Third party support, insurance and cyber intelligence
1455	1605	Module 4: Prepare - Awareness and Cyber Exercises	What do senior managers need to know about cyber Cyber exercise scenarios Styles of exercises Exercising at different levels within the organisation Making exercises realistic Hints and tips for successful exercises
1605	1630	Review of the day

Please note timings are indicative as the exact timings for each day may change due to students interest and experience in certain subjects. The course may finish earlier than 4.30pm if all topics have been covered.

Day 2

Start	Finish	Subject Area	Detail
0900	0930	Review of day one
0930	1015	Module 5: Respond - Overview of incident management and technical cyber response	Incident response overview - what are we trying to achieve Difference between a cyber and a 'normal' incident
1015	1045	Technical Cyber Response	React, Respond, Resolve framework for managing incidents Identifying the cyber incident Triaging incidents Cyber impact assessment Kill Chains and Diamond Model Forensics, investigations and third-party response
1045	1100	Break
1100	1200	Module 6: Respond - Executive Incident Management	Situational awareness and OODA loop Use of situation - direction - action Incident decision making Information management Setting of incident objectives Statutory and regulatory reporting including GDPR requirements
1200	1230	Module 7: Respond - Crisis Communications and Reputation Management	Communications case study- Equifax Communications pre-incident preparation Managing your organisation's communications with customers, stakeholders and the media Stakeholder information requirements Developing a communications strategy Cyber attack 'victim or villain'
1230	1315	Lunch
1315	1415	Communications continued
1415	1445	Module 8: Recovery - Using existing BC plans to recover operations	Use of existing business continuity plans, DR and crisis plans to help lessen the impact of the incident
1445	1600	Final response exercise	Exercise Athena - opportunity to bring all the knowledge together during an exercise
1600	1630	Course Review and final points

Please note timings are indicative as the exact timings for each day may change due to students interest and experience in certain subjects. The course may finish earlier than 4.30pm if all topics have been covered.

Download a PDF of the course details >