Hero Banner

GCHQ Certified Cyber Incident Planning & Response

Tuesday 21st November 2017 - London

We have trained over 100 organizations including:

Only 10% of organisations have an Incident Response Plan

Non Technical Training course on how to respond to a cyber attack

Learn from a FTSE 100 CISO with over 15 years experience

Plans, Check lists, Mind Maps and ongoing mentorship

GCHQ Certified Cyber Incident Planning & Response

The recent wannacry ransomware attack not only affected computers and billboards but actually impacted human life on a mass scale as hundreds of operations had to be delayed or cancelled.

Organisations continue to suffer from external and internal attacks yet Cyber Incident Management is an afterthought in most companies.

Is your organisation prepared to respond to a data breach?

  • Is your organisation ready to deal with regulators after a data breach?
  • Are you able to comply with GDPR breach notification requirements?
  • Are you able to measure your organisations breach readiness?

Including a Cyber Incident Response Plan in your GDPR preparation roadmap, will demonstrate to the regulators that you have the policies, procedures and planning in place to swiftly respond to a data breach.

This course will enable you to prepare a defined and managed approach when responding to a data breach or attack of an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of incident response or are responsible for helping organizations plan and prepare for potential cyber threats and effectively deal with actual cyber-attacks. This is not a technical course therefore there are no prerequisites.

This training is available as a one day public course or a two day internal workshop.




GCT is part of the UK Government’s initiative to address the shortage of skilled cyber security professionals. GCHQ helps protect the Government’s communications and electronic data – it is one of the three UK Intelligence and Security Agencies alongside MI5 and the Secret Intelligence Service (MI6).

With so many cyber security training courses available – GCT certification enables customers to distinguish between reputable courses and ones that have not been validated using a Government endorsed assessment process.     

The GCT scheme is underpinned by the industry respected IISP framework and assesses the quality of the course materials and the trainers’ delivery of the course against GCHQ’s exacting standards. Attendees can therefore be confident that they’re embarking on a training course that has been recognised for excellence by a UK Government developed cyber security scheme.

Delegates will learn and understand:

  • The latest techniques and insight on incident response.
  • Threat Intelligence led testing and response framework adopted by leading governments and institutions.
  • Deep dive into Cyber Kill Chain and design an early warning system to lower discovery time from months to days
  • Create actionable plans & checklists 
  • Understand, define and baseline “Normal” within your organisation.
  • Stop up to 90% of all cyber attackers in their tracks and before they breach your critical data.
  • Design and implement a response framework and build an effective cyber response team.
  • Secrets of managing TV reporters and media journalists.
  • The “golden hour” and why it’s critical to managing an incident.
  • Basic application of incident triage, OODA and the Diamond Methodology.
  • Analyse recent attacks and learn how these attacks avoided detection.
  • Learn about security incident orchestration and how it can help reduce your time to respond and reduce human error
  • Learn how to automate critical incident response tasks to increase employee efficiency
  • Learn how to run effective table top exercises with management and your technical teams
  • Learn how to assess your organisations breach readiness

Cyber Incident Planning & Response Brochure Download

  New Call-to-action


Interactive Group Activities
- Breach notification Templates
- Before the Incident Mind Map
- After the Incident Mind Map
- Checklists
- Crown Jewels
- Process Workflows
- The Cyber Kill Chain
- Go Destroy
- Log Data Analysis
- Press Interview Scenarios
- Crisis Comms Plan
- Client and PR Communication Templates
Understanding Threat Actors

- Threat Actors in Detail 
- Threat Agents Intent & Attributes
- Detection and Response Strategies

Automating Incident Management & Response

- What is incident orchestration
- Using incident orchestration to significantly reduce time to - respond to data breaches
- How to semi-automate and fully automate incident      management
- Using incident orchestration to empower and up skill  existing staff
- Incident orchestration as Force Multiplier
- Using orchestration to increase compliance to regulations like GDPR

Defining Normal
- Identifying Critical Systems and Assets
- Understanding and Building the Organisational Baseline
- Interactive session on applying these principles
- Strategies in understanding operational weaknesses
- Defining high level cyber response process workflows
The Technologies
- Understanding the technologies that underpin an effective breach ready organisation. 
- Analysis of core technology requirements
The Cyber Kill Chain
- Methods of Attack
- Analysis of the Cyber Kill Chain 
- Review of Recent High Profile Attacks 
- Strategies to counter the Cyber Kill Chain
Triage, Detection & Monitoring
- OODA Loop
- The Golden Hour
- Log Management
The Checklist
- Creating/ adopting the checklist
- Incident management checklist
- Using the check list to beat the hackers!
Intelligence Led Incident Response
- Detailed why and how
- Actionable Threat intelligence
- Demonstration of how to prepare for the upcoming attack
Forensics & Investigations
- Integrity
- Forensic Principles
- Seizing Evidence
Public Relations

- Crisis Comms Plans Management
- Social Media & PR Key Steps
- PR Case Study
- Breach notification

Building the Team
- Stakeholders - Who are they?
- Legal Considerations, Compliance and Notifications
- Building an effective & agile stakeholder
- Third Parties

Meet the Trainer 

Amar Singh has a long history and experience in data privacy and information security training. Amar Singh has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amar, amongst various other activities, is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE100 firm and is chair of the ISACA UK Security Advisory Group. Amar also founded the not for profit cyber security service for charities, Give01Day and is an Executive to the Board of the National MBA in Cyber Security.

Amar_Singh_CISO (1).jpg

Amar has the highest integrity, has been trusted by FTSE100 companies with some of the most sensitive commercial information and has been involved with highly sensitive forensic investigations.

He has the ability to deal with both technically the astute, board-level executives and lead an organisations information security direction. Apart from experience and abilities, Amar holds holds a number of industry recognised certifications, such as the ISO 27001 Certified ISMS Lead Implementer, MoR, CRISC and CISSP certification.

Amar is an industry acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organisations in the world including The BBC, The Economist’s Intelligence Unit, The Financial Times, SC Magazine, InfoSec Magazine, Computer Weekly, The Register and the AlJazeera English Channel.


All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.

  • testimonial_img.png
    I found the course to be very interesting. It not the usual bookish theoretical type of course it was quite interactive.
    Sanjay Khanna
    CIO, Rak Bank, Dubai
  • testimonial_img.png
    Amar Singh brings a wealth of personal
    experience and knowledge
    Hariprasad Chede
    President ISACA UAE
  • testimonial_img.png
    The course was excellent. Not the typical core text book training but giving valuable insights and experiences                             
    Youssef Karroum
    Head of IT, Bank of Sharjah, UAE
  • testimonial_img.png
    This was the most interesting and attractive courses I have ever attended. A lot of inside knowledge was shared.
    Saptorshi Datta
    Head of Audit,
    Emirate Global Aluminium, UAE
  • testimonial_img.png

    I wish all Senior Executives attend this course. It’s the most practical course I have ever attended. It teaches you not just how to understand but also how to respond to a Cyber Attack.                       


    Chief Risk Officer, Rak Bank, Dubai UAE

  • testimonial_img.png

    The information we learnt provoked plenty of conversation both around personal experiences with the challenges that I face in the business  and also backing up what was said in the course with real life examples.

    Aaron Townsend

    Head of Service Delivery,

    British Medical Journal

  • testimonial_img.png

    The training was very informative and well knowledgable and i would recommend this course to anyone who wishes to explore cyber security even further.

    Frank Manoharan

    IT Director,

    Christ the King Sixth Form Colleges London

  • testimonial_img.png

    It’s been a great two days of learning. We drilled down, we simplified how an incident should be detected and how an incident should be handled. One of the key learnings I have taken is define normal.

    Sanjoy John

    Paramount Computer Services,

    Dubai, UAE

  • testimonial_img.png

    The overall training was good, it was quite informative. I highly recommend this training session to at least the CXO level people because it is something very meaningful for them and it can be very beneficial for organisations

    Anuj Jain

    Trusted Security Advisor,

    Starlinks, Dubai UAE

  • testimonial_img.png

    Amar is a good mentor because he did more than just teaching. The checklist and mind maps are a really good part of the course.

    Vimal Rama

    IT Manager, HLB HAMT, Dubai UAE

  • testimonial_img.png

    Amar is an excellent tutor and mentor also. The key aspects of the training is interactive sessions. Everyone has shared their experiences. I gained much knowledge which will be useful for my day to day activities.

    BGK Vikram

    Manager Information Security Audit,

    RAK Bank, Dubai UAE

  • testimonial_img.png

    I really learnt a lot from this course as it was the first cyber security course I have been on. What I liked the most was the mind-mapping.

    Krishna Raghupati

    Paramount Computer Services,  Dubai UAE

  • testimonial_img.png

    recommend everyone to attend this course whether your business is at the beginning or whether you have already implemented some of the IT security procedures

    Bir Lama

    Network Engineer,

    Christ the King Sixth Form Colleges London

 GCHQ Certified Cyber Incident Planning & Response
Course Registeration 

  • callOr call us on:
  • +44 (0) 203 189 1422