25,000+ Courses Nationwide
0345 4506120

Cyber Incident Planning & Response — GCHQ Certified Training

Organisations continue to suffer from external and internal attacks yet Cyber Incident Management is an afterthought in most companies. This course will enable you to prepare a defined and managed approach when responding to a data breach or attack of an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of incident response or are responsible for helping organizations plan and prepare for potential cyber threats and effectively deal with actual cyber-attacks.

Select specific date to see price, venue and full details.

Learning Objectives

You Will Learn How To

  • The latest techniques and insight on incident response.
  • Threat Intelligence led testing and response framework adopted by leading governments and institutions.
  • Deep dive into Cyber Kill Chain and design an early warning system to lower discovery time from months to days
  • Create actionable plans & checklists
  • Understand, define and baseline “Normal” within your organisation.
  • Stop up to 90% of all cyber attackers in their tracks and before they breach your critical data.
  • Design and implement a response framework and build an effective cyber response team.
  • Secrets of managing TV reporters and media journalists.
  • The “golden hour” and why it’s critical to managing an incident.
  • Basic application of incident triage, OODA and the Diamond Methodology.
  • Analyse recent attacks and learn how these attacks avoided detection.
  • Learn about security incident orchestration and how it can help reduce your time to respond and reduce human error
  • Learn how to automate critical incident response tasks to increase employee efficiency
  • Learn how to run effective table top exercises with management and your technical teams
  • Learn how to assess your organisations breach readiness


This is not a technical course therefore there are no prerequisites.

Course Content

Course Outline

Interactive Group Activities

Breach notification

Before the Incident Mind Map underpin an effective breach ready

After the Incident Mind Map organisation.


Crown Jewels

Process Workflows

The Cyber Kill Chain

Go Destroy

Log Data Analysis

Press Interview Scenarios

Crisis Comms Plan

Client and PR Communication Templates

Understanding Threat Actors

Threat Actors in Detail

Threat Agents Intent & Attributes

Detection and Response Strategies

Automating Incident Management & Response

What is incident orchestration

Using incident orchestration to significantly reduce time to - respond to data breaches

How to semi-automate and fully automate incident management

Using incident orchestration to empower and up skill existing staff

Incident orchestration as Force Multiplier

Using orchestration to increase compliance to - Forensic Principles regulations like GDPR - Seizing Evidence

Defining Normal

Identifying Critical Systems and Assets

Understanding and Building the Organisational Baseline

Interactive session on applying these principles

Strategies in understanding operational weaknesses

Defining high level cyber response process workflows

The Technologies

Understanding the technologies that underpin an effective breach ready organisation

Analysis of core technology requirements

The Cyber Kill Chain

Methods of Attack

Analysis of the Cyber Kill Chain

Review of Recent High Profile Attacks

Strategies to counter the Cyber Kill Chain

Triage, Detection & Monitoring


The Golden Hour

Log Management

The Checklist

Creating/ adopting the checklist

Incident management checklist

Using the check list to beat the hackers!

Intelligence Led Incident Response

Detailed why and how

Actionable Threat intelligence

Forensics & Investigations


Forensic Principles

Seizing Evidence

Public Relations

Crisis Comms Plans Management

Social Media & PR Key Steps

PR Case Study

Breach notification

Building the Team

Stakeholders - Who are they?

Legal, Compliance and Notifications

Exams & Certification

GCHQ Certified Training and Exam Information:

  • This is a GCHQ Certified Training (GCT) course. GCHQ Certified Training has been recognised for excellence by a UK Government developed cyber security scheme. GCT is part of the UK Government’s initiative to address the shortage of skilled cyber security professionals. The GCT scheme is underpinned by the industry respected IISP framework and assesses the quality of the course materials and the Instructors’ delivery of the course against GCHQ’s exacting standards.
  • Successful completion of the end of course exam will gain you an independent APMG-International GCT certification award.
  • The course is being delivered by UK Government's GCHQ Certified Cyber Security trainer Amar Singh.  Amar Singh has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amar, amongst various other activities, is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE 100 Firm and is Chair of the ISACA UK Security Advisory Group.
  • This course includes an optional APMG GCHQ Certified Training Exam, available with an additional £150 surcharge.  Please contact us for any questions or to book.

Related Courses

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the requested service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.


We work with the best