INCIDENT RESPONSE PLAYBOOKSNCSC-CERTIFIED BUILDING & OPTIMISINGINCIDENT RESPONSE PLAYBOOKS TRAINING COURSE

EXERCISES, WORKFLOWS,TEMPLATES & MORE

CREATE ‘READY TO USE’PLAYBOOKS

“ During cyber attacks, organisations fail miserably due to lack of consistent, repeatable and auditable incident response playbooks” Amar Singh, CISO & Trusted Advisor

NCSC-Certified training based on NIST IR guidance

Practical learning enriched with several exercises, usable templates

I gained a great deal from the day, particularly around the construction of bespoke play-books.

Andrew Lock, Information Security Consultant

I would strongly recommend this training to anyone who is involved in Cyber Security or has control of infomation assets.

Kim Rose,Information Governance Officer, Wye Valley NHS Trust

NCSC-CERTIFIED TRAINING. 12 SPECIFICALLY-DESIGNED MODULES. ENGAGING COURSE CONTENT WITH SEVERAL EXERCISES FOR ENHANCED LEARNING. BONUS CONTENT INCLUDING PLAYBOOK TEMPLATES, WORKFLOWS & MORE.

info@cm-alliance.com https://cm-alliance.com +44 203 189 1422 @cm_alliance

LEARNING OBJECTIVES

Learn what it takes to create, review & optimise effective cyber incident response playbooks.

Understand the significance of incident response playbooks in enhancing an organisation’s cyber resiliency.

Gain knowledge of the technology that can underpin the creation, optimisation & automation of playbooks.

Learn how to improve the organisation's speed of response to cyber-attacks through effective attack scenarios & supporting playbooks.

ACTIONABLE BENEFITS

Actionable steps you can take immediately to ensure you have fit-for-purpose playbooks.

Teaches you how to create NIST SP 800-61 R2 and NIST CSF compatible incident response playbooks.

Useful templates and collateral you can use in your business.

Using SOAR and technologies to automate heavy lifting, manual tasks.

Learn how to create & implement NIST-compliant Incident Response Playbooks

Accredited by

I attended the Playbooks course and I have learnt a lot.......

Krisztian Kenderesi, CISO - JHZ Systems 

info@cm-alliance.com https://cm-alliance.com +44 203 189 1422 @cm_alliance

Module Details

1 Case Study • Deep dive into a case study that highlights the importance of incident response playbooks

2 The Basics • The core concept of playbooks

• The different types of playbooks

• The different purposes of playbooks

3 Key Design Components

• Key attributes of a good incident analyst

• How to use playbooks effectively by leveraging the link between them & analysts

4 Designing Playbooks

• Building on the NIST Computer Security Incident Handling Guide, the four phases of creating playbooks

• The relationship of the phases to each other

• The relationship of the concept to creating effective playbooks

5 Analyse for Context • Importance of context & good analysis skills

• What is context & how to use it in playbooks

Module Details

6 Triggers • Relevance of triggers in playbooks

7 Participants & Stakeholders

• Understanding who can take which decisions in a crisis

8 Automation • Structured approach to automation before, during & after an attack

• Why implementation of automation is essential to playbooks

9 Creating Scenarios • How to plan & create cyber-attack scenarios

10 Testing Your Playbooks

• The basics of testing playbooks

11 Technological Solutions

• Importance & role of technology in playbooks

• Create effective IR checklists without specific technologies

12 Creating Playbooks • How to actually create playbooks• Using threat intel to create

a playbook & examine its components

WHAT YOU WILL LEARN

In this highly interactive workshop, you will learn:

The basic building blocks & key components of an effective playbook that meets NIST’s Incident Response Guidance.

How to create basic to complex playbooks.

Pitfalls to avoid when creating playbooks.

How to use playbooks to meet compliance requirements like the GDPR and ISO. 27001:2013’s Annex A.16.1 objectives.

How to use playbooks to aid triage.

A review of some common playbooks and how they help in incidents.

How to create effective scenarios.

The role of SOAR (Security Orchestration And Response) and the tools that you can use.

How to assess, deploy & implement automation in incident response playbooks.

INCIDENT RESPONSE PLAYBOOKSNCSC-CERTIFIED BUILDING & OPTIMISINGINCIDENT RESPONSE PLAYBOOKS TRAINING COURSE

Accredited by