Cyber Incident Planning & Response — GCHQ Certified Training



1 Day
Organisations continue to suffer from external and internal attacks, yet Cyber Incident Management is an afterthought in most companies. This course will enable you to prepare a defined and managed approach when responding to a data breach or attack of an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of incident response or are responsible for helping organizations plan and prepare for potential cyber threats and effectively deal with actual cyber-attacks. This is not a technical course, so there are no prerequisites.

You Will Learn How To

  • The latest techniques and insight on incident response.
  • Threat Intelligence led testing and response framework adopted by leading governments and institutions.
  • Deep dive into the Cyber Kill Chain and design an early warning system to lower discovery time from months to days.
  • Create actionable plans & checklists.
  • Understand, define and baseline “Normal” within your organisation.
  • Stop up to 90% of all cyber attackers in their tracks and before they breach your critical data.
  • Design and implement a response framework and build an effective cyber response team.
  • Secrets of managing TV reporters and media journalists.
  • The “golden hour” and why it’s critical to managing an incident.
  • Basic application of incident triage, OODA and the Diamond Methodology.
  • Analyse recent attacks and learn how these attacks avoided detection.
  • Learn about security incident orchestration and how it can help reduce your time to respond and reduce human error.
  • Learn how to automate critical incident response tasks to increase employee efficiency.
  • Learn how to run effective tabletop exercises with management and your technical teams.
  • Learn how to assess your organisation's breach readiness.

Important Course Information

  • GCHQ Certified Training and Exam Information

    • This is a GCHQ Certified Training (GCT) course. GCHQ Certified Training has been recognised for excellence by a UK Government developed cyber security scheme. GCT is part of the UK Government’s initiative to address the shortage of skilled cyber security professionals. The GCT scheme is underpinned by the industry respected IISP framework and assesses the quality of the course materials and the Instructors’ delivery of the course against GCHQ’s exacting standards.
    • Successful completion of the end of course exam will gain you an independent APMG-International GCT certification award.
    • The course is being delivered by the UK Government's GCHQ Certified Cyber Security trainer Amar Singh. Amar Singh has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amar, amongst various other activities, is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations, including an FTSE 100 firm, and is Chair of the ISACA UK Security Advisory Group.
    • This course includes an optional APMG GCHQ Certified Training Exam, available with an additional £150 surcharge. Please contact us for any questions or to book.

Course Outline

  • Interactive Group Activities

    • Breach notification
    • Before the Incident Mind Map
    • After the Incident Mind Map
    • Crown Jewels
    • Process Workflows
    • The Cyber Kill Chain
    • Go Destroy
    • Log Data Analysis
    • Press Interview Scenarios
    • Crisis Comms Plan
    • Client and PR Communication Templates

  • Understanding Threat Actors

    • Threat Actors in Detail
    • Threat Agents Intent & Attributes
    • Detection and Response Strategies

  • Automating Incident Management & Response

    • What is incident orchestration
    • Using incident orchestration to significantly reduce time to respond to data breaches
    • How to semi-automate and fully automate incident management
    • Using incident orchestration to empower and upskill existing staff
    • Incident orchestration as Force Multiplier
    • Using orchestration to increase compliance with regulations like GDPR

  • Defining Normal

    • Identifying Critical Systems and Assets
    • Understanding and Building the Organisational Baseline
    • Interactive session on applying these principles
    • Strategies in understanding operational weaknesses
    • Defining high level cyber response process workflows

  • The Technologies

    • Understanding the technologies that underpin an effective breach ready organisation
    • Analysis of core technology requirements

  • The Cyber Kill Chain

    • Methods of Attack
    • Analysis of the Cyber Kill Chain
    • Review of Recent High Profile Attacks
    • Strategies to counter the Cyber Kill Chain

  • Triage, Detection & Monitoring

    • The Golden Hour
    • Log Management

  • The Checklist

    • Creating/adopting the checklist
    • Incident management checklist
    • Using the checklist to beat the hackers!

  • Intelligence Led Incident Response

    • Detailed why and how
    • Actionable Threat intelligence

  • Forensics & Investigations

    • Forensic Principles
    • Seizing Evidence

  • Public Relations

    • Crisis Comms Plans Management
    • Social Media & PR Key Steps
    • PR Case Study
    • Breach notification

  • Building the Team

    • Stakeholders - Who are they?
    • Legal, Compliance and Notifications

Exclusive Private Team Training Course

Enhance your team's effectiveness and boost productivity with this course, delivered privately to your organization or to any preferred location, including options for hybrid or all-virtual delivery via AnyWare.

This training course could be customized, and combined with other courses, to meet the specific needs of your team's training.