Building & Optimising Cyber Incident Response Playbooks Course

Actions and Detail Panel


Event Information

Share this event

Date and Time



Online Event

Refund Policy

Refund Policy

Contact the organiser to request a refund.

Eventbrite's fee is nonrefundable.

Event description
The Building and Optimising Incident Response Playbooks one-day training & workshop equips you with knowledge to create CIPR playbooks.

About this Event

The Building and Optimising Incident Response Playbooks one-day training & workshop equips you with the necessary knowledge to create actionable playbooks and procedures to respond to a variety of simple and complex cyber-attacks and data breaches.

You may be prepared for a traditional crisis, like a flooding of the data centre or your office building not being available due to an incident. However, a cyber-crisis is often invisible and near impossible to detect in the early stages. In many cyber-attacks, by the time a business detects the attack, it is often too late. The data has been stolen , the newspapers know about your data-breach and your customers are worried about their personal data may be in the hands of criminals.

Benefits of the Playbooks Course

Individual Benefits:

As an individual, after you complete the Playbooks course you will be able to:

  • Create basic and advanced cyber incident response playbooks.
  • Analyse, improve and optimise existing incident response procedures.
  • Create effective attack scenarios with supporting response playbooks.
  • Run effective cyber incident response workshops to support continuous improvement in cyber resilience processes and procedures.
  • Understand the role of SOAR (Security Orchestration and Response) and the tools that you can use to implement SOAR.

Organisational Benefits

When run internally, the Building & Optimising Incident Response Playbooks (Playbooks) workshop brings significant benefits to an organisation including, but not limited to:

  • Significantly boosting the organisation’s cyber-incident response capabilities.
  • Achieving better compliance by ensuring its response procedures and playbooks meet respective and geographical breach notification requirements.
  • Carrying out a consultative review of its existing response processes, procedures and playbooks.
  • Ensuring continuity and consistency in both its technical and managerial responses during a regular incident or a cyber crisis.

Virtual Classroom:

The playbooks training is available as an eLearning (also called Self-paced Learning) option and as a virtual classroom training. For the virtual training we use Zoom

Highlights of the E-Learning, Instructor-led live and public CIPR course:

  • 8 modules designed specifically to cover this topic.
  • Highly interactive course with several exercises to ensure maximum learning.
  • Bonus content including playbook templates, workflow and more.

Learning Objectives:

  • Learn what it takes to create, review and optimise cyber incident response playbooks.
  • Understand the technology that can underpin the creation, optimisation and automation of playbooks.

In your own words, you will be able to explain and discuss the

  • Key components of an incident response playbooks.
  • Importance and role of effective playbooks in increasing organisational cyber resilience.
  • Importance and role of fit-for-purpose, effective playbooks in increasing compliance with breach notification requirements, like the 72 hours data-breach-notification requirement from the GDPR.
  • Benefits of having a structured, repeatable way to respond to cyber-attacks.
  • Benefits of Incident response playbooks and how they impact staff efficiency.
  • Benefits of using technological solutions to create, automate and improve playbooks.

Use the knowledge gained from this workshop to

  • Create basic and advanced cyber incident response playbooks.
  • Work with and contribute to better articulated risk management.
  • Host and run ongoing workshops to continually review and improve response playbooks.
  • Assess, deploy and implement automation in incident response and playbooks.
  • Review and improve existing incident response playbooks.

Target audience:

  • IT Technicians
  • Level 1, level 2, IT support
  • Network engineers
  • Windows, Unix and Max engineers
  • SOC Analysts (all levels)
  • IT Managers, Network Managers
  • Service Managers
  • BCP Managers
  • CISOs / Heads of IT security
  • Risk Managers
  • Heads of IT
  • Change Managers

Module 1 - The Foundations & Concepts

Starting the foundation, this module sets the baseline, ensures all students understand the core concepts that underpin the course.

Those who are non-technical will find that attending our NCSC-Certified CIPR course establishes the core concepts on which this playbooks course is built upon.

Key components of an effective playbook.

A case study on the importance of playbooks.

Module 2 - The Four Phases of a Playbook

Building on the NIST 800-61.r2 Computer Security Incident Handling Guide, we take the student through an in-depth understanding of these four phases, their relationships to each other and the relationship of this concept to creating effective and fit-for-purpose incident response playbooks.

Module 3a, 3b & 3c - Preparing the Groundwork

These 3 modules introduce the student to key concepts of not just playbooks but the primary constituents of a good incident analyst. There is a substantial link between an analyst and playbooks and to create and use playbooks effectively you need to understand the basics.

Module 4 - Automation

This module breaks down the topic of automation in incident response and playbooks and dives deeper into the concepts and reasons and implementation examples of automation. This section also gives examples of how automation can be used as a force for staff retention and motivation. In addition, the student is shown a structured approach to automating actions before, during and after a cyber attack.

Module 5 - Threat Intelligence & Playbooks

This is not a section to learn about threat intelligence but rather a specific section that teaches and challenges the student to start creating their first full playbook. We all now threat-intel is important, but in this module we show you useful and important it is and how you can use playbooks to significantly improve your security posture.

Module 6 - Participants

'Who you going to call' during an attack. Even for the most prepared there are moments when you wonder, who is it we need to call? OR who can authorise this action? Seems simple, but there is a method and approach to get this right and yes, you have to plan ahead.

Module 7 - Creating Cyber-Attack Scenarios

If you think creating scenarios is easy - think again. A good scenario needs time, creativity, time and more creativity. Wait, it also needs a few other key ingredients. This module introduces scenarios, explains the importance of cyber attack scenarios and their relevance and then dives into how you can create them yourself. An absolute must learn module if you want to be an incident response honcho.

Module 8 - Creating Playbooks

In this module, we do what it says on the tin. We start creating and review all sorts of playbooks, from detection, analysis and response with scenarios from malware, ransomware, data theft and more. As with other modules, there are several interactive exercises.

Meet the Trainer

Amar Singh has a long history and experience in data privacy and information security. Amar has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amongst various other activities, Amar is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE100 firm, and is chair of the ISACA UK Security Advisory Group. He also founded the not-for-profit cybersecurity service for charities, Give01Day.

Share with friends

Date and Time


Online Event

Refund Policy

Contact the organiser to request a refund.

Eventbrite's fee is nonrefundable.

Save This Event

Event Saved