Building and Optimising Incident Response Playbooks

Cyber Crisis Incident Planning and Response Workshops

We have trained over 250 organizations including:

"Only 10% of organisations have an Incident Response Plan" - GCHQ

Create actionable scenario based playbooks

Cyber Crisis Management

Templates and Collateral

Data Breach Planning & Response: Playbooks Session


“We have an incident response handbook” OR “Yes, we have carried out a BCP exercise and can recover from a disaster” OR “we have 200 page major incident handling guide”

Companies repeat these and other statements every-time they are asked if they are prepared for a cyber-attack or data-breach. The truth is that most businesses only discover how ineffective their plans are when they are hit by a cyber attack.

You maybe prepared for a traditional crisis, like a flooding of the data centre OR your office building not being available due to an incident.

However, a cyber-crisis is often invisible and near impossible to detect in the early stages. In many cyber-attacks by the time a business detects the attack it is often too late. The data has been stolen , the newspapers know about your attack and your customers are worried about their personal data being in the hands of criminals.

CM-Alliance’s Building and Optimising Playbooks one day workshop equips you with the necessary knowledge to ensure your business has the actionable response mechanisms, checklists and procedures to respond to a variety of simple and complex cyber-attacks and data-breaches.

In this workshop you will learn:

  • The basic building blocks of a good and effective playbook
  • How NOT to respond to incidents, attacks and data-breaches: pitfalls to avoid when creating playbooks.
  • Triage, what it is, it’s role in incident management
  • How to use playbooks to aid in triage
  • Definition of a breach - why you need this and how to roll this out in your organisation.
  • Creating Scenarios - deep dive into creating effective scenarios.
  • Creating playbooks - starting from a basic to complex playbooks - Multiple interactive sessions
  • Management playbooks - how to build and engage management to use playbooks.
  • Running internal workshops - how to ensure maximum participation and effective results.
  • Understand the technology stack required to deliver automation.
  • Understand the role of SOAR (security orchestration and response) and the tools that you can use.
  • Organisational Capability and the role of playbooks in increasing staff skills and retention

Key Benefits :
  • Actionable steps you can take immediately to ensure you have actionable playbooks
  • Useful templates and collateral you can use in your business
  • Applicable Knowledge to create and use playbooks
  • Using SOAR and technologies to automate heavy lifting boring tasks
Target audience:

  • IT Technicians
  • Level 1, level 2, IT support
  • Network engineer
  • Windows, Unix and Max engineers
  • SOC Analysts (all levels)
  • IT Manager, Network Manager
  • Change Managers
  • Service Managers
  • BCP Manager
  • CISO / Head of IT security
  • Risk Managers
  • Head of IT


Learning Objectives:

  • List key benefits of playbooks and recognise their significance in enabling an organisation’s cyber resiliency.
  • Understand the basics of creating playbooks
  • Describe the key components required to create playbooks
  • Analyse and Assess the scenario and select the appropriate playbook
  • Construct simple and complex playbooks The latest techniques and insights on incident response.


Feedback from our Attendees

A really good session, the trainer is really knowledgeable and presents it in a really understandable format that the participants really enjoyed.
Wayne Parks
Head of ICT Warwickshire Police
It was really spot on, very practical, non-technical I have a couple of great take aways for my every day work. Highly recommend it for non-technical people.
Catherine Gloor
Director Group Information Security UBS
It was amazing. Amar is not just a trainer, he’s an industry expert, and from his experience and knowledge, I actually got some amazing insights.
Suraj Singh,
Head of SOC Microsoft

I found today’s course very productive and discussing the various aspects of incident response. Course is very clearly presented; I fully understood the content and look forward to putting some of the stuff into practice. Thank you.

Euan Ramsay,
CSIRT Director, UBS
Brilliant course with lots of good examples. A course to recommend to any incident response team.
Cyber Incident Response Team,
Swiss National Bank
I feel the day was really well spent in terms of understanding and getting newer or additional knowledge around this concept and the trainer was absolutely wonderful in sharing and articulating this.
Sapan Talwar,
Head of Information Security - Adobe
I have been attending CMA’s Cyber workshop today and we’ve been reviewing instant response. They’ve been directing us towards good practice; they’ve been reviewing our current ideas, and they’ve been adding real value to our Cyber Security response. I thoroughly recommend using CMA for the future.
Robin Smith,
Head of Cyber Security - South Yorkshire NHS
I have attended the CIPR training course and I have to say I was very impressed with the course and its content. You don’t need to have IT skills or an incite into IT but what it does do is in layman terms sets out the key issues.  This course is very good.
Vanessa Smith,
DCI, Head of Cyber Crime Unit, West Yorkshire Police
I wish all Senior Executives attend this course. It’s the most practical course I have ever attended. It teaches you not just how to understand but also how to respond to a Cyber Attack. 
KS Ramakrishnan
I found the course to be very interesting. It not the usual bookish theoretical type of course it was quite interactive.
Sanjay Khanna,
CIO, Rakbank

Meet the Trainer 

Amar Singh has a long history and experience in data privacy and information security. Amar has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amongst various other activities, Amar is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE100 firm, and is chair of the ISACA UK Security Advisory Group. He also founded the not-for-profit cyber security service for charities, Give01Day.

Amar_Singh_CISO (1).jpg

Amar has the highest integrity and is trusted by FTSE100 companies with some of the most sensitive commercial information, and has been involved with highly sensitive forensic investigations.

He has the ability to deal with both the technically astute, board-level executives and lead an organisation's information security direction. Apart from his experience and abilities, Amar holds a number of industry-recognised certifications, such as ISO 27001 Certified ISMS Lead Implementer, MoR, CRISC and CISSP certification.

Amar is an industry-acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organisations in the world including The BBC, The Economist’s Intelligence Unit, The Financial Times, SC Magazine, InfoSec Magazine, Computer Weekly, The Register and the AlJazeera English Channel.


All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.

Building and Optimising Incident Response Playbooks

Find out more about our one day public courses or internal workshops, please complete the form below. 

  • callOr call us on:
  • +44 (0) 203 189 1422