Data Breach Incident Response Internal Workshop

Business Processes, Operational Strategies & Best Practices for Responding to a Data Breach

We have trained over 250 organizations including:

"Only 10% of organisations have an Incident Response Plan." - GCHQ

Non-technical workshop on how to respond to a data breach or cyber-attack

Workshop delivered by a FTSE 100 CISO with over 15 years of experience

Delivered globally to over 100 organisations including UK Police Forces

Cyber Management Alliance is a UK-registered cybersecurity training provider and trusted advisor to private and public sector organisations.

Cyber Management Alliance (CM-Alliance) provides its clients with a broad portfolio of strategic and operational cybersecurity services including the GCHQ-Certified Cyber Incident Planning & Response(CIPR) Breach Readiness Programme.

The key focus of the CIPR Programme is to enable clients:

  • To be compliant with new breach regulations like the GDPR by enhancing their cyber resilience posture and reducing their risk exposure. 
  • By supporting, developing and assisting management in ensuring that the business can swiftly respond to and resume its operations during and after a cyber-attack.
  • To embrace a best-practice, standards-based approach to managing (monitoring, detecting, responding to, containing) a cyber-attack.

Throughout this programme, we work with all stakeholders in the business to create and adopt a set of strategies, policies and technologies to ensure that the organisation is aligned and compliant with the GDPR’s breach notification requirements.

GCHQ-Certified Cyber Incident Planning & Response Workshop

Is your organisation prepared to respond to a data breach?

By including a Cyber Incident Response Plan in your GDPR preparation road-map, you will demonstrate to the regulators that you have the policies, procedures and planning in place to swiftly respond to a data breach or cyber-attack.

This two-day workshop will enable you to prepare a defined and managed approach when responding to a data breach or cyber-attack of an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of incident response or who are responsible for helping organisations plan and prepare for potential cyber threats, and effectively deal with actual cyber-attacks. This is not a technical course, therefore, there are no prerequisites.

This cybersecurity training course provides senior management and incident response teams with the vital processes, knowledge and skills to lead and manage a cyber crisis. The course is designed for senior management involved in responding to a cyber or data breach  across an organisation, including staff involved in:

  • Strategic and operational decision-making.
  • Information security.
  • Enterprise risk management.
  • Audit & Compliance.
  • Business continuity.
  • Service management.
  • Human Resource management. 

 This training is available as a one-day public course or a two-day internal workshop. 




New Call-to-action 



GCT is part of the UK Government’s initiative to address the shortage of skilled cybersecurity professionals. GCHQ helps protect the Government’s communications and electronic data – it is one of the three UK Intelligence and Security Agencies alongside MI5 and the Secret Intelligence Service (MI6).

With so many cyber security training courses available, GCT certification enables organisations to distinguish between reputable courses and ones that have not been validated using a Government-endorsed assessment process.     

The GCT scheme is underpinned by the industry-respected IISP framework assessing the quality of the course materials, and the trainer's delivery of the course against GCHQ’s exacting standards. Attendees can, therefore, be confident that they’re embarking on a training course that has been recognised for excellence by a UK Government-developed cyber security scheme.

Please find below a cross-section of our clients of the CIPR Breach Readiness workshops:

Government / Public Sector: Warwickshire Police, West Mercia, West Yorkshire Police, South Yorkshire Police, North Yorkshire and Humberside Police.

Multinationals: Adobe, Microsoft, Sony and Emirates Airlines.

Banks: Swiss National Bank, UBS, RAKBANK, National Bank of Fujairah, Standard Chartered Bank.

Publishing: The British Medical Journal.

Industrial: Emirates Aluminium, Kuwait Petroleum, CB & I.

"Excellent workshop with a lot of good hints, not only for security staff, but also for management in order to understand the nature of attacks and the mitigation of vulnerabilities in order to reduce the impact during an incident.
Thank you for this excellent workshop. The expectation was exceeded, especially the examples from incidents and hits."
- UBS Card Centre, Switzerland



Delegates will learn and understand:

  • The latest techniques and insights on incident response.
  • Threat Intelligence-led testing and response framework adopted by leading governments and institutions.
  • Deep-dive into the Cyber Kill Chain and design an early warning system to lower discovery time from months to days.
  • How to create actionable plans, checklists, playbooks and processes.
  • How to define and baseline “normal” within the organisation.
  • How to stop up to 90% of all cyber attackers in their tracks and before they breach the organisation's critical data.
  • How to design and implement a response framework and build an effective cyber response team.
  • The secrets of managing TV reporters and media journalists.
  • The “Golden Hour” and why it’s critical to managing an incident.
  • Basic application of incident Triage, OODA and the Diamond Methodology.
  • How to analyse recent attacks and how these attacks avoided detection.
  • Security Incident Orchestration and how it can help reduce your time to respond and reduce human error.
  • How to automate critical incident response tasks to increase employee efficiency.
  • How to run effective table-top exercises with management and technical teams.
  • How to assess their organisation's breach readiness.

Cyber Incident Planning & Response Brochure Download

  New Call-to-action


Interactive Group Activities
- Breach Notification Templates
- Before the Incident Mind-Map
- After the Incident Mind-Map
- Checklists
- Crown Jewels
- Process Workflows
- The Cyber Kill Chain
- Go Destroy
- Log Data Analysis
- Press Interview Scenarios
- Crisis Comms Plan
- Client and PR Communication Templates
Understanding Threat Actors

- Threat Actors in Detail 
- Threat Agents Intent and Attributes
- Detection and Response Strategies

Automating Incident Management & Response

- What is incident orchestration?
- Using incident orchestration to significantly reduce time to respond to data breaches
- How to semi-automate and fully automate incident  management
- Using incident orchestration to empower and up-skill  existing staff
- Incident orchestration as a Force Multiplier
- Using orchestration to increase compliance with regulations, such as GDPR

Defining Normal
- Identifying critical systems and assets
- Understanding and building the organisational baseline
- Interactive session on applying these principles
- Strategies for understanding operational weaknesses
- Defining high-level cyber response process workflows
The Technologies
- Understanding the technologies that underpin an effective breach-ready organisation 
- Analysis of core technology requirements
The Cyber Kill Chain
- Methods of attack
- Analysis of the Cyber Kill Chain 
- Review of recent, high-profile attacks 
- Strategies to counter the Cyber Kill Chain
Triage, Detection & Monitoring
- OODA Loop
- The Golden Hour
- Log Management
The Checklist
- Creating/adopting the checklist
- Incident management checklist
- Using the checklist to beat the hackers!
Intelligence-led Incident Response
- Detailed why and how
- Actionable Threat Intelligence
- Demonstration of how to prepare for an upcoming attack
Forensics & Investigations
- Integrity
- Forensic principles
- Seizing evidence
Public Relations

- Crisis Comms Plans management
- Social media and PR key steps
- PR case study
- Breach notification

Building the Team
- Stakeholders - Who are they?
- Legal considerations, compliance and notifications
- Building an effective and agile stakeholder
- Third parties

Meet the Trainer 

Amar Singh has a long history and experience in data privacy and information security. Amar has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amongst various other activities, Amar is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE100 firm, and is chair of the ISACA UK Security Advisory Group. He also founded the not-for-profit cybersecurity service for charities, Give01Day.

Amar_Singh_CISO (1).jpg

Amar has the highest integrity and is trusted by FTSE100 companies with some of the most sensitive commercial information. He has been involved with highly sensitive forensic investigations.

He has the ability to deal with both technically-astute, board-level executives and lead an organisation's information security direction. Apart from his experience and abilities, Amar holds a number of industry-recognised certifications, such as ISO 27001 Certified ISMS Lead Implementer, MoR, CRISC and CISSP certification.

Amar is an industry-acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organisations in the world including The BBC, The Economist’s Intelligence Unit, The Financial Times, SC Magazine, InfoSec Magazine, Computer Weekly, The Register and the AlJazeera English Channel.


All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.

GCHQ Cyber Incident Planning & Response

Find out more about our one day public courses or internal workshops, please complete the form below. 

  • callOr call us on:
  • +44 (0) 203 189 1422