Skip to Main Content
This website uses cookies. View our cookie policy
United Kingdom
Select regional store:
Incident Response Management Foundation Training Course

Incident Response Management Foundation Training Course

SKU: 4854

Find out how to effectively manage and respond to a disruptive incident (such as a data breach or cyber attack) and take appropriate steps to limit the damage to your business, reputation and brand.

This course will provide an introduction to developing an incident response programme according to the requirements of the GDPR and NIS Directive.


One day


Classroom sessions from 9:00 am to 5:00 pm


CIRM F (ISO 17024-certificated)

“I have already recommended this course to two colleagues. They are just seeking approval from training dept. for funding! This is my fourth ITG course (CISP, CISF, CISLI previously) so you must be doing something right.” - Anonymous

How to Book:

Simply book online to receive your booking confirmation and full joining instructions within 48 hours. We accept purchase orders from local authorities, government departments and other public-sector organisations, and will consider account facilities for large corporate customers. See our payment options page for details.

Book today

Course Locations

Price: £495.00
ex vat
call to book via purchase order


Why you need an incident response management programme:

  • Be better prepared when a breach or an incident occurs;
  • Respond faster to a data breach or incident by knowing exactly what to do and how to do it;
  • Know how to identify the cause of an incident and reduce further damage;
  • Effectively and quickly communicate with all relevant parties;
  • Reduce the impact of the event and take immediate action; and
  • Meet incident reporting deadlines of the GDPR and NIS Regulations


Attend this course and learn how to:

  • Identify critical information assets;
  • Identify and evaluate existing security controls;
  • Identify and distinguish between vulnerabilities, risks and threats;
  • Perform a business impact analysis;
  • Plan and design an incident response management programme;
  • Develop an incident response team;
  • Devise incident response testing scenarios; and
  • Establish a framework for continual improvement.


At the end of this course, you should be able to: 

  1. Understand key definitions and legal requirements that underpin incident response.
  2. Identify the components of the cyber kill chain, recognise common cyber threats and understand common threat actors.
  3. Define the structure, role and responsibilities of the incident response team.
  4. Comprehend the seven stages of incident response. 
  5. Propose the steps to formulate and test an incident response plan and define the scope of a business impact analysis.
  6. Apply incident response techniques to common risk scenarios.
  7. Know the role of cyber resilience in supporting incident response management.
  8. Manage communications and reporting requirements under the General Data Protection Regulation (GDPR) and the Directive on security of network and information systems (NIS Directive). 

Target audience

  • Managers who are already involved in incident management with either an information security or data protection background.
  • Individuals with little experience who are keen to enter the field or broaden their knowledge of incident management with a professional qualification, such as:
    • Business managers 
    • Compliance managers 
    • IT managers
    • Helpdesk managers
    • Project managers 
    • Risk managers 
    • Information security managers 
    • ISO 27001 lead auditors
    • PCI QSAs



There are no formal entry requirements but this is a professional course. It is assumed that attendees will have a good general understanding of cyber security principles and controls that underpin the protection of confidentiality, integrity and availability of data, gained through practical experience or reading.


CIRM F examination

Attendees take the CIRM F examination at the end of the course – a 60 -minute, multiple-choice, ISO 17024-certificated exam set by IBITGQ. There is no extra charge for this.

Please note that all IBITGQ exams are now online exams, so you will need to bring a 'pop-up enabled' laptop/tablet to the venue.
Full details on how to access the exam will be provided by email 1-2 days before sitting the exam.


Customer Reviews

(0.00)stars out of 5
# of Ratings: 0

You may also be interested in