GCHQ-Certified Cyber Incident Planning & Response

Business Processes, Operational Strategies & Best Practices for responding to a Data Breach

We have trained over 250 organizations including:

"Only 10% of organisations have an Incident Response Plan" - GCHQ

Non-technical training course on how to respond to a cyber-attack

Learn from an FTSE 100 CISO with over 15 years experience

Optional GCHQ-Certified Training Examination

GCHQ-Certified Cyber Incident Planning & Response

Is your organisation prepared to respond to a data breach?

  • Is your organisation ready to deal with regulators after a data breach?
  • Are you able to comply with GDPR breach notification requirements?
  • Are you able to measure your organisation's breach readiness?

This course will enable you to prepare a defined and managed approach when responding to a data breach or cyber-attack of an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of incident response or who are responsible for helping their organisations plan and prepare for potential cyber threats and effectively deal with actual cyber-attacks. This is not a technical course, therefore, there are no prerequisites.

This cybersecurity training course provides senior management and incident response teams with the vital processes, knowledge and skills to lead and manage a cyber crisis. The course is designed for senior management involved in responding to a cyber or data breach across an organisation, including staff involved in:

  • Strategic and operational decision making
  • Information security
  • BCP, DR or IR
  • Enterprise Risk Management
  • Audit & Compliance
  • Business Continuity
  • Service Management
  • Governance

 (ISC)2 members can claim 8 CPE points for attending this course. 

Complete Modules 1 & 2 from the CIPR Course Free of Charge Online

This training is available as a one-day public course or a two-day internal workshop

Feedback from our Attendees

A really good session, the trainer is really knowledgeable and presents it in a really understandable format that the participants really enjoyed.
Wayne Parks
Head of ICT Warwickshire Police
It was really spot on, very practical, non-technical I have a couple of great take aways for my every day work. Highly recommend it for non-technical people.
Catherine Gloor
Director Group Information Security UBS
It was amazing. Amar is not just a trainer, he’s an industry expert, and from his experience and knowledge, I actually got some amazing insights.
Suraj Singh,
Head of SOC Microsoft

I found today’s course very productive and discussing the various aspects of incident response. Course is very clearly presented; I fully understood the content and look forward to putting some of the stuff into practice. Thank you.

Euan Ramsay,
CSIRT Director, UBS
Brilliant course with lots of good examples. A course to recommend to any incident response team.
Cyber Incident Response Team,
Swiss National Bank
I feel the day was really well spent in terms of understanding and getting newer or additional knowledge around this concept and the trainer was absolutely wonderful in sharing and articulating this.
Sapan Talwar,
Head of Information Security - Adobe
I have been attending CMA’s Cyber workshop today and we’ve been reviewing instant response. They’ve been directing us towards good practice; they’ve been reviewing our current ideas, and they’ve been adding real value to our Cyber Security response. I thoroughly recommend using CMA for the future.
Robin Smith,
Head of Cyber Security - South Yorkshire NHS
I have attended the CIPR training course and I have to say I was very impressed with the course and its content. You don’t need to have IT skills or an incite into IT but what it does do is in layman terms sets out the key issues.  This course is very good.
Vanessa Smith,
DCI, Head of Cyber Crime Unit, West Yorkshire Police
I wish all Senior Executives attend this course. It’s the most practical course I have ever attended. It teaches you not just how to understand but also how to respond to a Cyber Attack. 
KS Ramakrishnan
I found the course to be very interesting. It not the usual bookish theoretical type of course it was quite interactive.
Sanjay Khanna,
CIO, Rakbank



  Watch Course Attendees Feedback

Data Breach Checklist GDPR 

14671_gchq_certified_training_colour-1-178681-edited.jpg                CIIS-Logo_full_colou_tiny


With so many cybersecurity training courses available, GCT certification and CIISec’s (Chartered Institute of Information Security) accreditation enables organisations to distinguish between reputable courses and ones that have not been validated using a Government-endorsed assessment process.     

GCT is part of the UK Government’s initiative to address the shortage of skilled cybersecurity professionals. GCHQ helps protect the Government’s communications and electronic data. 

The GCT scheme is underpinned by the industry-respected IISP framework, assessing the quality of the course materials, and the trainer's delivery of the course against GCHQ’s exacting standards. Attendees can, therefore, be confident that they’re embarking on a training course that has been recognised for excellence by a UK Government-developed cybersecurity scheme.

The Chartered Institute of Information Security (CIISec) is the only pure play information security institution to have been granted Royal Charter status and is dedicated to raising the standard of professionalism in information security.CIISec represents professionalism, integrity and excellence within information and cyber security sector.

CPD points can be claimed for Cyber Incident Planning and Response Training courses at the rate of:

1 point per hour of training for GCHQ/CIISec approved courses (8 points for one-day public course and 15 points for the two day internal workshop).


Delegates will learn and understand:

  • The latest techniques and insights on incident response.
  • Threat Intelligence-led testing and response framework adopted by leading governments and institutions.
  • The Cyber Kill Chain and how to design an early warning system to lower discovery time from months to days.
  • How to create actionable plans, checklists, playbooks and processes.
  • How to define and baseline “Normal” within your organisation.
  • The best ways to stop up to 90% of all cyber attackers in their tracks, before they breach your critical data.
  • How to design and implement a response framework and build an effective cyber response team.
  • Secrets of managing TV reporters and media journalists.
  • The “Golden Hour” and why it’s critical to managing an incident.
  • Basic application of incident triage, OODA and the Diamond Methodology.
  • Ways to analyse recent attacks and how these attacks avoided detection.
  • Security Incident Orchestration and how it can help reduce your time to respond and reduce human error.
  • How to automate critical incident response tasks to increase employee efficiency.
  • How to run effective table-top exercises with management and your technical teams.
  • How to assess your organisation's breach readiness.

Cyber Incident  Planning & Response Brochure Download

  New Call-to-action
CIPR Documents Image


Interactive Group Activities
- Breach Notification Templates
- Before the Incident Mind-Map
- After the Incident Mind-Map
- Checklists
- Crown Jewels
- Process Workflows
- The Cyber Kill Chain
- Go Destroy
- Log Data Analysis
- Press Interview Scenarios
- Crisis Comms Plan
- Client and PR Communication Templates
Understanding Threat Actors

- Introduction to threat actors, intent and attributes. 
- Threat actors in detail.
- The TAL or threat actor library and its purpose.
- Building the Threat Actor Profile.


Automating Incident Management & Response

- What is incident orchestration?
- Using incident orchestration to significantly reduce time to respond to data breaches. 
- How to semi-automate and fully automate incident  management.
- Using incident orchestration to empower and up-skill  existing staff.
- Incident orchestration as a Force Multiplier. 
- Using orchestration to increase compliance to regulations, such as GDPR.

Defining Normal
- Introduction - The concepts and theory
- Interactive review - Applying 'Define Normal' in an organisational context
- Identifying critical systems and assets (Move to Visibility)
- Understanding and building the organisational baseline
- Defining high-level cyber response process workflows (move somewhere)
The Technologies
- Understanding the technologies that underpin an effective breach-ready organisation. 
- Analysis of core technology requirements
The Cyber Kill Chain
- Methods of attack
- Analysis of the Cyber Kill Chain 
- Review of recent high-profile attacks 
- Strategies to counter the Cyber Kill Chain
Triage, Detection & Monitoring
- OODA Loop
- The Golden Hour
- Log Management
The Checklist
- Creating/adopting the checklist
- Incident management checklist
- Using the checklist to beat the hackers!
Intelligence Led Incident Response
- Detailed why and how
- Actionable Threat Intelligence
- Demonstration of how to prepare for an upcoming attack
Forensics & Investigations
- Integrity
- Forensic principles
- Seizing evidence
Public Relations

- Understanding the basic principles of public relations
- Communications - An interactive exercise
- Case Study - Review of a recent cyber-attack
- Crisis Comms Plans Management
- Social Media and PR key steps

Building the Team
- Identifying stakeholders
- Defining the key activities of the team
-Interactive review - an ideal Incident Response Team

Meet the Trainer 

Amar Singh has a long history and experience in data privacy and information security. Amar has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amongst various other activities, Amar is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE100 firm, and is chair of the ISACA UK Security Advisory Group. He also founded the not-for-profit cybersecurity service for charities, Give01Day.

Amar_Singh_CISO (1).jpg

Amar has the highest integrity and is trusted by FTSE100 companies with some of the most sensitive commercial information. He has been involved with highly sensitive forensic investigations.

He has the ability to deal with both technically astute, board-level executives and lead an organisation's information security direction. Apart from his experience and abilities, Amar holds a number of industry-recognised certifications, such as ISO 27001 Certified ISMS Lead Implementer, MoR, CRISC and CISSP certification.

Amar is an industry-acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organisations in the world including The BBC, The Economist’s Intelligence Unit, The Financial Times, SC Magazine, InfoSec Magazine, Computer Weekly, The Register and the AlJazeera English Channel.


All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.

GCHQ Cyber Incident Planning & Response

Find out more about our one day public courses or internal workshops, please complete the form below. 

  • callOr call us on:
  • +44 (0) 203 189 1422