NCSC Certified Managing & Preparing for Cyber Incidents

BCM-IT 2 Days £1,050.00 (+ VAT)

Course Overview/Dates

A two day non-technical course, aimed at preparing organisations to manage their cyber response at the strategic/crisis management level. Topics include cyber risk assessments, playbook development, GDPR reporting incidents and reputation management.

What's included?

  • Course slides and notes
  • Lunch and refreshments
  • Certificate of attendance

Course Dates

Dates Number of days Location Price
Mon 6 Sep 2021
London, UK £1,050.00 Book Reserve
Course tutor: To be confirmed
Venue: etc.venues - Marble Arch
Back to top

Details & Programme

Over the last few years the number of cyber incidents has grown, affecting organisations large and small. High profile incidents such as Sony, TalkTalk, and the Petya and NHS ransomware attacks, have had a major impact on the operations and reputation of the organisations.

"Thankfully, we now live in a world where it is accepted that data breaches happen and organisations are more comfortable disclosing that they have been victim to an attack. However, with this welcome move away from victim blaming, organisations are now being judged more on how well they manage a breach." - Brian Honan, ComputerWeekly

This training course is not a technical response, but looks at the actions organisations can take to prepare themselves, and how they should manage a cyber incident, including very importantly, how to manage communications associated with the incident. It will also look at the types of cyber attacks, the cyber landscape and how to exercise your cyber response plan.

Delegates will learn how to prepare their organisation, how to develop an effective response and how to manage an incident should it occur.

The course is based on good practice from a variety of government and private organisations. This course has been certified by NCSC and is the only certified course which deals with reputational issues associated with the preparing for and responding to a cyber incident.

Day 1

StartFinishSubject AreaDetail
09000940Introductions and introductory exercise
09401120Module 1: Cyber Threats and LandscapeDefinitions
Number of different case studies
Different types of cyber threats
Who are the different threat actors?
What are the threat vectors
Cyber incident impacts
Cyber threats to your industry
11351155Cyber video and discussion
11551240Module 2: Prepare - Understanding your vulnerabilities and risksUnderstanding your organisation’s vulnerabilities
Questions to ask to understand your information security culture, cyber preparation and awareness
Incident reporting helpline
Measuring cyber preparation and maturity
Understanding what you have to lose and conducting a cyber data risk assessment
13251455Module 3: Prepare - Developing a cyber incident response frameworkReviewing and developing your cyber policy and guidance
Developing a cyber incident response team
Developing scenario responses
Developing decision and scenario based playbooks
Third party support, insurance and cyber intelligence
14551605Module 4: Prepare - Awareness and Cyber ExercisesWhat do senior managers need to know about cyber
Cyber exercise scenarios
Styles of exercises
Exercising at different levels within the organisation
Making exercises realistic
Hints and tips for successful exercises
16051630Review of the day

Please note timings are indicative as the exact timings for each day may change due to students interest and experience in certain subjects. The course may finish earlier than 4.30pm if all topics have been covered.

Day 2

StartFinishSubject AreaDetail
09000930Review of day one
09301015Module 5: Respond - Overview of incident management and technical cyber response Incident response overview - what are we trying to achieve
Difference between a cyber and a 'normal' incident
10151045Technical Cyber Response React, Respond, Resolve framework for managing incidents
Identifying the cyber incident
Triaging incidents
Cyber impact assessment
Kill Chains and Diamond Model
Forensics, investigations and third-party response
11001200Module 6: Respond - Executive Incident Management Situational awareness and OODA loop
Use of situation - direction - action
Incident decision making
Information management
Setting of incident objectives
Statutory and regulatory reporting including GDPR requirements
12001230Module 7: Respond - Crisis Communications and Reputation ManagementCommunications case study- Equifax
Communications pre-incident preparation
Managing your organisation's communications with customers, stakeholders and the media
Stakeholder information requirements
Developing a communications strategy
Cyber attack 'victim or villain'
13151415Communications continued
14151445Module 8: Recovery - Using existing BC plans to recover operationsUse of existing business continuity plans, DR and crisis plans to help lessen the impact of the incident
14451600Final response exerciseExercise Athena - opportunity to bring all the knowledge together during an exercise
16001630Course Review and final points

Please note timings are indicative as the exact timings for each day may change due to students interest and experience in certain subjects. The course may finish earlier than 4.30pm if all topics have been covered.

PDF Download a PDF of the course details >
Back to top

Course Benefits

Completing this course will enable you to:

  • Understand the different types of cyber attack and cyber incident landscape
  • Look at the preparation which can be carried out prior to a cyber incident occurring
  • Create a cyber playbook
  • Identify the responses and issues associated with responding to a cyber attack
  • Plan and run a cyber exercise

What are the benefits of choosing NCSC Certified Training?

  • Individuals and organisations can easily and quickly identify high quality, relevant training
  • The course materials have been rigorously assessed against the exacting standards of NCSC
  • The quality of the trainers’ delivery and the course administration has been quality checked
  • NCSC is based on the industry-respected IISP Skills Framework
  • NCSC is invaluable for anyone seeking to acquire or improve their cyber security skills, including those seeking the NCSC's Certified Professional status (CCP)
  • NCSC certified courses identify training which delivers what it says it will
Back to top

Who Should Attend?

  • Business continuity and resilience managers
  • IT managers
  • CIOs and CTOs
  • Crisis managers
  • Members of crisis management teams or those responsible for crisis management and crisis communications
Back to top

In-house Options

Please contact the BC Training team on 01253 542650 or email, should you wish to discuss options for delivering this course in-house at your organisation.

Back to top


etc.venues - Marble Arch


etc.venues - Marble Arch
Garfield House
86 Edgware Road
London W2 2EA

+44 (0)20 7793 4200

Back to top


“Charlie [Maclean-Bristol] was a great tutor, both knowledgeable and approachable. A great course!”

Gary Stevenson
Student Loans Company

Overall course rating: 10/10


Back to top

Sign-up to our weekly bulletin

Twitter feed

Don’t do a Wilfred Owen – Look after yourself and those around you, as we see the beginning of the end of the pandemic

This week Charlie discusses why now more than ever, it is important to protect yourself and those around you.

15 January 2021

“The instructor was very knowledgeable and the training had a good mixture of learning activities. - Great work environment - Dynamic sessions - Good exercises”

Raul Rojas Gonzalez
View further testimonials