Organisations continue to suffer from external and internal attacks, yet Cyber Incident Management is an afterthought in most companies. This course will enable you to prepare a defined and managed approach to responding to a data breach or an attack on an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of incident response or are responsible for helping organisations plan and prepare for potential cyber threats and effectively deal with actual cyber-attacks.
Learning Objectives
You Will Learn How To
- The latest techniques and insight on incident response.
- Threat Intelligence led testing and response framework adopted by leading governments and institutions.
- Deep dive into Cyber Kill Chain and design an early warning system to lower discovery time from months to days
- Create actionable plans & checklists
- Understand, define and baseline “Normal” within your organisation.
- Stop up to 90% of all cyber attackers in their tracks and before they breach your critical data.
- Design and implement a response framework and build an effective cyber response team.
- Secrets of managing TV reporters and media journalists.
- The “golden hour” and why it’s critical to managing an incident.
- Basic application of incident triage, OODA and the Diamond Methodology.
- Analyse recent attacks and learn how these attacks avoided detection.
- Learn about security incident orchestration and how it can help reduce your time to respond and reduce human error
- Learn how to automate critical incident response tasks to increase employee efficiency
- Learn how to run effective table top exercises with management and your technical teams
- Learn how to assess your organisation's breach readiness
Pre-Requisites
This is not a technical course therefore there are no prerequisites.
Course Content
Course Outline
Interactive Group Activities
Breach notification
Before the Incident Mind Map
After the Incident Mind Map
Checklists
Crown Jewels
Process Workflows
The Cyber Kill Chain
Go Destroy
Log Data Analysis
Press Interview Scenarios
Crisis Comms Plan
Client and PR Communication Templates
Understanding Threat Actors
Threat Actors in Detail
Threat Agents Intent & Attributes
Detection and Response Strategies
Automating Incident Management & Response
What is incident orchestration
Using incident orchestration to significantly reduce time to respond to data breaches
How to semi-automate and fully automate incident management
Using incident orchestration to empower and upskill existing staff
Incident orchestration as Force Multiplier
Using orchestration to increase compliance with regulations like GDPR
Defining Normal
Identifying Critical Systems and Assets
Understanding and Building the Organisational Baseline
Interactive session on applying these principles
Strategies in understanding operational weaknesses
Defining high level cyber response process workflows
The Technologies
Understanding the technologies that underpin an effective breach ready organisation
Analysis of core technology requirements
The Cyber Kill Chain
Methods of Attack
Analysis of the Cyber Kill Chain
Review of Recent High Profile Attacks
Strategies to counter the Cyber Kill Chain
Triage, Detection & Monitoring
OODA Loop
The Golden Hour
Log Management
The Checklist
Creating/adopting the checklist
Incident management checklist
Using the checklist to beat the hackers!
Intelligence Led Incident Response
Detailed why and how
Actionable Threat intelligence
Forensics & Investigations
Integrity
Forensic Principles
Seizing Evidence
Public Relations
Crisis Comms Plans Management
Social Media & PR Key Steps
PR Case Study
Breach notification
Building the Team
Stakeholders - Who are they?
Legal, Compliance and Notifications
Exams & Certification
GCHQ Certified Training and Exam Information:
- This is a GCHQ Certified Training (GCT) course. GCHQ Certified Training has been recognised for excellence by a UK Government developed cyber security scheme. GCT is part of the UK Government’s initiative to address the shortage of skilled cyber security professionals. The GCT scheme is underpinned by the industry respected IISP framework and assesses the quality of the course materials and the Instructors’ delivery of the course against GCHQ’s exacting standards.
- Successful completion of the end of course exam will gain you an independent APMG-International GCT certification award.
- The course is being delivered by UK Government's GCHQ Certified Cyber Security trainer Amar Singh. Amar Singh has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amar, amongst various other activities, is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE 100 Firm and is Chair of the ISACA UK Security Advisory Group.
- This course includes an optional APMG GCHQ Certified Training Exam, available with an additional £150 surcharge. Please contact us for any questions or to book.