Cyber Crisis Management Training

Intended Audience

This course is intended for professionals seeking to widen their understanding on cyber incident response and crisis management. It is open to all but particularly suited to Cyber Security Managers, Chief Information Security Officers, IT incident responders seeking to develop their understanding of crisis management procedures and Crisis / Business continuity professionals or risk management personnel with responsibility for preparing the response to a potential cyber crisis.

Required Skills & Expertise

No particular skills or expertise are required. There are some high level technical components in the Cyber Incident Response modules but these are intended to be understood by all.

Program

The program is divided into 4 modules, which are given in a two-day course. After completing the course, each participant is rewarded with a certificate.

Day 1

Module 1: Crisis Management Fundamentals

• The program starts with a walkthrough of the international crisis management standard, ISO22361 and the fundamentals of crisis management.
• A basic understanding of key terminology and the differences between an incident and a crisis.
• An overview of crisis management governance, frameworks and structures.
• Key supporting regulatory requirements.
• An understanding of the key plans, processes and procedures required for effective crisis management.
• Finally, we investigate some real life plans and with a practical demonstration, put the plans into practice.

Module 2: Digital Forensics & Incident Response

• In this module, we cover the basic principles of digital forensics and incident response focused around the NIST framework.
• You explore the different types of cyber-attacks, how threat actors operate and the ransomware ecosystem.
• You explore how cyber incidents are detected and what measures are taken to mount an effective immediate response.
• We give you a high level overview of digital forensics and how it can be used effectively to understand how an attacker may have gained access to a network.
• We look at what makes a good ‘Cyber Incident Response Plan’ and supporting playbooks / procedures.
• We look at the challenges of recovery in attacks.

Day 2

Module 3: Cyber Crisis Exercises

• In this module we look at the different types of exercises that can be used to train incident response and crisis management teams.
• We start with an interactive exercise on crisis communications to demonstrate what an exercise is.
• We break down the methodology behind the design and delivery of an exercise.
• We explore what makes cyber exercises different to traditional exercises and how to make your cyber exercise effective.
• We look at how to effectively facilitate an exercise and what roles are required.
• Finally, we dive into post exercise reports and how to ensure lessons learned are captured and implemented.

Module 5: Tabletop Exercise Simulation

• The final module of the training program seeks to put all that we have learnt from planning and training into practice with an interactive tabletop simulation.
• Participants will each take on a role as part of a crisis team for a fictitious organization.
• They will be faced with an evolving cyber incident and be required to use their crisis plan to mount an effective response.
• They will work together, track information and make key decisions in an attempt to mitigate the impact of the evolving crisis.
• The session will end with a debrief and discussion on how the team responded, capturing what they did well and how they would improve if they were to do it again.