Learn to Create NIST Compatible Incident Response Playbooks
We have trained over 750 organizations including:
The NCSC-Certified Building and Optimising Incident Response Playbooks training course, teaches you how to create NIST SP 800-61 R2 and NIST CSF compatible incident response playbooks to respond to a variety of simple and complex cyber-attacks and data breaches.
Unlike a traditional crisis like an earthquake or flood, a cyber-crisis is often invisible and near impossible to detect in the early stages. In a majority of cyber-attacks, by the time a business detects the attack, it is often too late. The data has been stolen , the media knows about your data-breach and your customers are worried their personal data may be in the hands of criminals.
As an individual, after you complete the Playbooks course you will be able to:
When run internally, the NCSC-Certified Building & Optimising Incident Response Playbooks (Playbooks) workshop brings significant benefits to an organisation including, but not limited to:
The playbooks training is available as an eLearning (also called Self-paced Learning) option and as a virtual classroom training. For the virtual training we use Zoom
You can combine the Internal Playbooks training with our Cyber Crisis Tabletop Exercise (CCTE) workshop to formally test your playbooks in a simulated cyber-attack environment. You can find more information on Cyber Crisis Tabletop Exercises here or if you prefer, you can book an appointment with us to discuss this option in more detail.
Level 1, level 2, IT support
Windows, Unix and Max engineers
SOC Analysts (all levels)
IT Managers, Network Managers
This module dives straight in with a case study on the importance of incident response playbooks. Those who are non-technical will find that attending our NCSC-Certified CIPR course establishes the core concepts on which this playbooks course is built.
This sections introduces the core concepts of playbooks, the types of playbooks and takes the student through the various different purposes of playbooks.
This module further builds on Module 2 and introduces the student to key concepts of not just playbooks but the primary constituents of a good incident analyst. There is a substantial link between an analyst and playbooks and to create and use playbooks effectively you need to understand the basics.
Building on the NIST SP 800-61.r2 Computer Security Incident Handling Guide, we take the student through an in-depth understanding of these four phases, their relationships to each other and the relationship of this concept to creating effective and fit-for-purpose incident response playbooks.
Introduces the importance of context in incident response and the importance of good analysis skills that help build context. This section goes through several exercises to help the student understand what is context and how to use it in playbooks.
Staying with the importance of context and building on this important topic, we cover the relevance of triggers in playbooks. Put simply, a bad trigger almost always equals a terrible playbook.
This module breaks down the topic of automation in incident response and playbooks and dives deeper into the concepts and reasons and implementation examples of automation. This section also gives examples of how automation can be used as a force for staff retention and motivation. In addition, the student is shown a structured approach to automating actions before, during and after a cyber attack.
This module goes into significant details of how to plan and create cyber attack scenarios.
A short module of the importance and role of technology in incident response playbooks. We also show you how you can create effective IR checklists without the need for specific technologies.
Bringing all the knowledge from previous modules together, we go into detail on how to actually design and create playbooks. We use threat intelligence to create our first comprehensive playbook and examine various components of the playbook.
Amar Singh has a long history and experience in data privacy and information security. Amar has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amongst various other activities, Amar is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE100 firm, and is chair of the ISACA UK Security Advisory Group. He also founded the not-for-profit cybersecurity service for charities, Give01Day.
Amar has the highest integrity and is trusted by FTSE100 companies with some of the most sensitive commercial information. He has been involved with highly sensitive forensic investigations.
He has the ability to deal with both technically-astute, board-level executives and lead an organisation's information security direction. Apart from his experience and abilities, Amar holds a number of industry-recognised certifications, such as ISO 27001 Certified ISMS Lead Implementer, MoR, CRISC and CISSP certification.
Amar is an industry-acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organisations in the world including The BBC, The Economist’s Intelligence Unit, The Financial Times, SC Magazine, InfoSec Magazine, Computer Weekly, The Register and the AlJazeera English Channel.
All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.
Find out more about our one day public courses or internal workshops, please complete the form below.