Cyber Incident Management


Our incident management module is to reduce the harm caused to organisations of cyber incidents, and to use our understanding of these incidents to inform our guidance and help deter future attacks.

If your organisation has experienced a severe cyber incident, which poses a risk to your ongoing operation or to your customers or supply chain; you will be able to:

  • Describe the technical and guidance required for Cyber Incident response plan
  • Exercise and evaluate a Cyber incident response plan
  • Describe a Cyber Incident teams roles and responsibilities.
  • Evaluate the Impact of a cyber incident –identifying the attacker, their likely motivations, if there are any other victims and if the compromise is likely to spread
  • Consider any cross-Stakeholder response, helping you to work with relevant stakeholders such Legal firm, Insurance response and Police and regulatory investigation.


At the end of this module you will be able to:

  • Intro, Learning outcomes and course program (1 hour) Webinar
  • Threat and vulnerability assessment. What are the incidents to prepare for. Glossary of terms (1 hour) Online
  • Case study 1– Impact Small business in a large supply chain. (1 hour) Online
  • Case Study 2 – Ransomware attack on a group (1 hour) Online
  • NCSC Active Defence platform (1 hour) Online
  • NCSC – Exercise in a box (1 hour) Online
  • Cyber Incident exercise (2 hours) Webinar
  • Exercise debriefs and lessons learnt. (2 hours) Online
  • The psychology of a crisis (1 hour)
  • Leading in a crisis (1 hour) Online
  • How to write a Cyber incident management plan (1 hour) Online
  • Major cyber incident management exercise (5 Hours) – Face to face
  • Post exercise debrief and lessons learnt (1 hour) Online.

Hours for module: 20 hours.

How will the module be taught: The Course will open with a I hour teams webinar.
All lessons will be pre-recorded delivery

  • Exercise 1– 2 hour pre-set incident exercise where learners will need to respond to inputs. This a formative assessment with individual assessment and feedback via the 4D platform
  • Exercise 2– 5-hour face-to-face in the ADA incident management room. This will be a live cyber incident exercise (Ransomware attack) Individuals will need to respond to team decisions on scenario inputs both virtually and from live actors (real stakeholders).

Delivery sessions plan: Opening session – webinar over teams (total 3 hours) – Online pre-recorded lecture (11 hours) Face to face live exercise (5 hours)
Location: Bamboo Technology Group, GC Campus, Princess Elizabeth Way, Cheltenham, GL51 7SJ
Audience for module: Business leader, middle manager, someone wanting to improve knowledge.
Course leader: Lee Hibbert MSc, BEd Cert Ed, 35-years experience in Crisis and Incident management (Public, Private sector, Planning and delivering Crisis and Incident management – International Governments and NGO’s, High-risk environments, such as Libya, Iraq, South Sudan Sub Saharan Africa and Middle East).

Click here to download the module outline