25,000+ Courses Nationwide
0345 4506120

Cyber Incident Response Management Foundation

Cyber attacks are now classed as the top threat to organisations. With the average cost of a cyber attack being £857,000 the financial implications for businesses are not something to ignore. It’s not just the financial loss but the damage to brand and reputation that businesses need to plan for.

This course will teach you the components of the cyber kill chain, recognise common cyber threats and understand common threat actors. Plus, how to define the structure, role and responsibilities of the cyber incident response team.

The benefits of the Cyber Incident Response Management Foundation Training course

Designed by experts

Designed by experienced cyber security consultants.

Reduce damage

Know how to identify the cause of an incident and reduce further damage.

Respond faster

Respond faster to a data breach or incident by knowing exactly what to do and how to do it.

Communication is key

Effectively and quickly communicate with all relevant parties.

Hands-on study

Participate in group discussions, practical exercises and case studies throughout the course.

Meet reporting deadlines

Meet incident reporting deadlines of the GDPR and NIS Regulations.

Who should attend this course?
Managers who are already involved in incident management with either an information security or data protection background. Individuals with little experience who are keen to enter the field or broaden their knowledge of cyber incident management with a professional qualification.

Job titles:

Business managers
Compliance managers
IT managers
Helpdesk managers
Project managers
Risk managers
Information security managers
ISO 27001 lead auditors

What’s included in this course?

  • A professional training venue with lunch and refreshments;
  • Full course materials (digital copy provided as a PDF file);
  • The Cyber incident Response Management exam; and
  • A certificate of attendance.

Course duration and times
Day 1: 9:00 am – 5.00 pm

Select specific date to see price, venue and full details.

Learning Objectives

  • Understand key definitions and legal requirements that underpin incident response.
  • Identify the components of the cyber kill chain, recognise common cyber threats and understand common threat actors.
  • Define the structure, role and responsibilities of the incident response team.
  • Comprehend the seven stages of incident response.
  • Propose the steps to formulate and test an incident response plan and define the scope of a business impact analysis.
  • Apply incident response techniques to common risk scenarios.
  • Know the role of cyber resilience in supporting incident response management.
  • Manage communications and reporting requirements under the General Data Protection Regulation (GDPR) and the Directive on security of network and information systems (NIS Directive).


What equipment should I bring?
The exam is an online exam. You will need to bring a ‘pop-up enabled’ laptop/tablet to the venue. Full details on how to access the exam will be provided by email 1–2 days before sitting the exam.

There are no formal entry requirements but this is a professional course. It is assumed that attendees will have a good general understanding of cyber security principles and controls that underpin the protection of confidentiality, integrity and availability of data, gained through practical experience or reading.

Course Content

  • What is incident response management?
  • Cyber risk
  • The cyber incident response team
  • The cyber incident response process
  • The cyber incident response plan
  • Cyber incident response scenarios
  • Scenario practical exercise
  • Cyber resilience

Exams & Certification

CPD/CPE points
This course is equivalent to 7 CPD/CPE points.

The Cyber incident Response Management exam
Attendees take the CIRM F, ISO 17024-certificated, exam at the end of the course. This is a one-hour multiple-choice online exam, consisting of 40 questions. Candidates need to achieve a minimum of 65% to pass. There is no extra charge for taking the exam.

What qualifications will I receive?
Cyber Incident Response Management (CIRM F).

How will I receive my exam results and certificates?
Provisional exam results will be available immediately on completion of the exam. Confirmed exam results will be issued within ten working days from the date of the exam.

Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.

Results notifications and certificates are sent directly to candidates by the relevant exam board in electronic format; please note that hard copy exam certificates are not issued.

Can exams be retaken?
Yes, if you are unsuccessful on the first attempt you can retake the exam for an additional fee. You can email us to schedule the retest for the exam.


Is there any recommended reading?
We would recommended purchasing one or more of the following:

  • True Cost of Information Security Breaches and Cyber Crime
  • Assessing Information Security - Strategies, Tactics, Logic and Framework
  • Disaster Recovery and Business Continuity

Related Courses

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the requested service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.


We work with the best