Preferred method of contact:

Cyber Incident Planning & Response — GCHQ Certified Training



Course Number



1 Day

PDF Add to WishList

Organisations continue to suffer from external and internal attacks yet Cyber Incident Management is an afterthought in most companies. This course will enable you to prepare a defined and managed approach when responding to a data breach or attack of an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of incident response or are responsible for helping organizations plan and prepare for potential cyber threats and effectively deal with actual cyber-attacks. This is not a technical course therefore there are no prerequisites.

You Will Learn How To

  • The latest techniques and insight on incident response.
  • Threat Intelligence led testing and response framework adopted by leading governments and institutions.
  • Deep dive into Cyber Kill Chain and design an early warning system to lower discovery time from months to days
  • Create actionable plans & checklists
  • Understand, define and baseline “Normal” within your organisation.
  • Stop up to 90% of all cyber attackers in their tracks and before they breach your critical data.
  • Design and implement a response framework and build an effective cyber response team.
  • Secrets of managing TV reporters and media journalists.
  • The “golden hour” and why it’s critical to managing an incident.
  • Basic application of incident triage, OODA and the Diamond Methodology.
  • Analyse recent attacks and learn how these attacks avoided detection.
  • Learn about security incident orchestration and how it can help reduce your time to respond and reduce human error
  • Learn how to automate critical incident response tasks to increase employee efficiency
  • Learn how to run effective table top exercises with management and your technical teams
  • Learn how to assess your organisations breach readiness

Important Course Information

  • GCHQ Certified Training and Exam Information

    • This is a GCHQ Certified Training (GCT) course. GCHQ Certified Training has been recognised for excellence by a UK Government developed cyber security scheme. GCT is part of the UK Government’s initiative to address the shortage of skilled cyber security professionals. The GCT scheme is underpinned by the industry respected IISP framework and assesses the quality of the course materials and the Instructors’ delivery of the course against GCHQ’s exacting standards.
    • Successful completion of the end of course exam will gain you an independent APMG-International GCT certification award.
    • The course is being delivered by UK Government's GCHQ Certified Cyber Security trainer Amar Singh. Amar Singh has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amar, amongst various other activities, is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE 100 Firm and is Chair of the ISACA UK Security Advisory Group.
    • This course is accredited by APMG and you have the opportunity to take the Certified Training Exam. At the end of the course day the instructor will give you some homework to help you prepare you for the examination, and Client Services will book you a Proctored Exam session which you can schedule at your convenience. Passing the exam will make you eligible for the GCT e-certificate and digital badge.

Course Outline

  • Interactive Group Activities

Breach notification

Before the Incident Mind Map underpin an effective breach ready

After the Incident Mind Map organisation.


Crown Jewels

Process Workflows

The Cyber Kill Chain

Go Destroy

Log Data Analysis

Press Interview Scenarios

Crisis Comms Plan

Client and PR Communication Templates

  • Understanding Threat Actors

Threat Actors in Detail

Threat Agents Intent & Attributes

Detection and Response Strategies

  • Automating Incident Management & Response

What is incident orchestration

Using incident orchestration to significantly reduce time to - respond to data breaches

How to semi-automate and fully automate incident management

Using incident orchestration to empower and up skill existing staff

Incident orchestration as Force Multiplier

Using orchestration to increase compliance to - Forensic Principles regulations like GDPR - Seizing Evidence

  • Defining Normal

Identifying Critical Systems and Assets

Understanding and Building the Organisational Baseline

Interactive session on applying these principles

Strategies in understanding operational weaknesses

Defining high level cyber response process workflows

  • The Technologies

Understanding the technologies that underpin an effective breach ready organisation

Analysis of core technology requirements

  • The Cyber Kill Chain

Methods of Attack

Analysis of the Cyber Kill Chain

Review of Recent High Profile Attacks

Strategies to counter the Cyber Kill Chain

  • Triage, Detection & Monitoring


The Golden Hour

Log Management

  • The Checklist

Creating/ adopting the checklist

Incident management checklist

Using the check list to beat the hackers!

  • Intelligence Led Incident Response

Detailed why and how

Actionable Threat intelligence

  • Forensics & Investigations


Forensic Principles

Seizing Evidence

  • Public Relations

Crisis Comms Plans Management

Social Media & PR Key Steps

PR Case Study

Breach notification

  • Building the Team

Stakeholders - Who are they?

Legal, Compliance and Notifications

Show complete outline
Show Less

Convenient Ways to Attend This Instructor-Led Course

In the Classroom

Live, Online

Private Team Training

In the Classroom — OR — Live, Online

Tuition Fee — Standard: £649  

11 May ( 1 Day)
9:00 AM - 4:30 PM BST
Online (AnyWare) Online (AnyWare) Reserve Your Seat

26 Oct ( 1 Day)
9:00 AM - 4:30 PM GMT
London / Online (AnyWare) London / Online (AnyWare) Reserve Your Seat

15 Mar ( 1 Day)
9:00 AM - 4:30 PM GMT
London / Online (AnyWare) London / Online (AnyWare) Reserve Your Seat

Guaranteed to Run

When you see the "Guaranteed to Run" icon next to a course event, you can rest assured that your course event — date, time — will run. Guaranteed.

Private Team Training

Enrolling at least 3 people in this course? Consider bringing this (or any course that can be custom designed) to your preferred location as a private team training.

For details, call 0800 282 353 or Click here »

This event has been added to your cart.

Tuition Fee


In Classroom or



Private Team Training

Contact Us »

Training Hours

Standard class hours:
9:00 a.m. - 4:30 p.m.

Last day class hours:
9:00 a.m. - 3:30 p.m.

Free Course Exam – Last Day:
3:30 p.m. - 4:30 p.m.

Each class day:
Informal discussion with instructor about your projects or areas of special interest:
4:30 p.m. - 5:30 p.m.

- ,

Chat Now

Please Choose a Language

Canada - English

Canada - Français