Cyber Crisis Management Training

Intended Audience

This course is for professionals looking to deepen their understanding of cyber incident response and crisis management. It is especially relevant for Cyber Security Managers, CISOs, IT incident responders, and those in crisis, business continuity, or risk management roles responsible for cyber crisis preparedness.

Required Skills and Expertise

No particular skills or expertise are required. There are some high level technical components in the Cyber Incident Response modules but these are intended to be understood by all.

Program

The program is divided into 4 modules, which are given in a two-day course. After completing the course, each participant is rewarded with a certificate.

Day 1

Module 1: Crisis Management Fundamentals
The program starts with a walkthrough of the international crisis management standard, ISO22361 and the fundamentals of crisis management. You gain or learn about:

• A basic understanding of key terminology and the differences between an incident and a crisis.
• An overview of crisis management governance, frameworks and structures.
• Key supporting regulatory requirements.
• An understanding of the key plans, processes and procedures required for effective crisis management.
• Finally, we investigate some real life plans and with a practical demonstration, put the plans into practice.

Module 2: Digital Forensics and Incident Response
In this module, we cover the basic principles of digital forensics and incident response focused around the NIST framework.

• You explore the different types of cyber-attacks, how threat actors operate and the ransomware ecosystem.
• You explore how cyber incidents are detected and what measures are taken to mount an effective immediate response.
• We give you a high level overview of digital forensics and how it can be used effectively to understand how an attacker may have gained access to a network.
• We look at what makes a good ‘Cyber Incident Response Plan’ and supporting playbooks / procedures.
• We look at the challenges of recovery in attacks.

Day 2
Module 3: Cyber Crisis Exercises
In this module we look at the different types of exercises that can be used to train incident response and crisis management teams.

• We start with an interactive exercise on crisis communications to demonstrate what an exercise is.
• You learn the methodology behind the design and delivery of an exercise.
• We explore what makes cyber exercises different to traditional exercises and how to make your cyber exercise effective.
• You learn how to effectively facilitate an exercise and what roles are required.
• Finally, we dive into post exercise reports and how to ensure lessons learned are captured and implemented.

Module 4: Tabletop Exercise Simulation
The final module of the training program seeks to put all that we have learnt from planning and training into practice with an interactive tabletop simulation.

• Participants will each take on a role as part of a crisis team for a fictitious organization.
• You will be faced with an evolving cyber incident and be required to use their crisis plan to mount an effective response.
• You will work together, track information and make key decisions in an attempt to mitigate the impact of the evolving crisis.
• The session will end with a debrief and discussion on how the team responded, capturing what you did well and how they you improve if you were to do it again.