This website uses cookies. View our cookie policy
United Kingdom
Select regional store:
Cyber Incident Response (CIR) Management

Cyber Incident Response Management

SKU: 4905
Format: Consultancy

Reduce your cyber risk with our Cyber Incident Response Management. (G-Cloud service ID: 1607 9563 1889 722)

Develop a CIR capability around three key stages: prepare, respond and follow-up tailored to your organisational needs and business requirements. This service is based on the best-practice cyber security incident response framework developed by CREST and ISO/IEC 27035.

Enquire about this service now




The CIR Management product page offers the prospective client greater detail into the methodology, process and scope of work provided by the consultancy team.


Scope of work


Incident response management can help your organisation reduce the risk of information security incidents. A proper incident response framework will allow you to identify breaches, prevent unauthorised access to data stores, prevent malware infection, remediate threats, and control your risk and exposure during an incident.

The purpose of CIR is to manage unexpected, disruptive events with the objective of controlling the impact within acceptable levels.

  • Incidents can be technical, such as attacks mounted on the network via viruses, denial of service (DoS) and system intrusion, or they can be the result of mistakes, accidents, and system or process failure.
  • Even if they use state-of-the-art technology, organisations will never be able to stay ahead of cyber criminals and the threats they pose, but they can prepare an effective response system that will allow them to minimise the impact of any incident.
  • An organisation’s ability to detect, react and respond to security incidents in a fast, planned and coordinated fashion is of paramount importance to the organisation’s resilience and success.
  • Although it is important for organisations to have preventive measures in place to avoid security incidents, it is equally important that there is a robust, practised response plan should an incident occur.
  • The objective of incident response is to suitably prepare for the cyber attacks that organisations are likely to face.



  • Reduces overall organisational and cyber risk.
  • Improves cyber resilience.
  • Lower cyber insurance premiums.
  • Provides assurance to prospective clients, investors and the board of directors.
  • Minimal disruption to the business.
  • Expert advice from a leading CREST-certified consultancy.
  • Tailored to your organisational needs and business requirements.
  • Reduces incident impact and response times.
  • Additional services such as penetration testing can also be provided.


CIR – who is it for?

The CIR Management service is designed primarily for small to medium-sized enterprises that need to comply with the industry standards ISO 27001 (information security management system (ISMS)) and ISO 22301 (business continuity management system (BCMS)), or regulatory requirements such as the EU General Data Protection Regulation (GDPR) or the Payment Card Industry Data Security Standard (PCI DSS).


Free resources

To find out more about this service, download our free brochures, including:


CIR process cycle

The CIR process cycle is a constantly occurring sequence of events that monitors and responds to incidents. These sequenced phases are:

  • 1. DETECT – the incident is first detected with the CIR team going into response mode to manage the incident.

  • 2. REPORT – upon detecting the incident, the CIR team prepare a report that names the type of incident (virus, breach, phishing attack, etc.), the systems affected and the attack vector (the ‘how’ of the attack).

  • 3. INVESTIGATE – a thorough investigation is carried out to determine the extent of the incident, and the actions to implement to minimise the exposure and contain the attack.

  • 4. TRIAGE/ACTION – triage is first undertaken to contain the spread of the threat, and actions are implemented to eliminate the infection.

  • 5. RECOVERY PLAN – a recovery plan is drawn up based on the findings. CIR teams will generally have a generic blueprint of actions to take, but actual recovery plans will largely depend on the type of incident they are faced with.

  • 6. FOLLOW-UP – the CIR team is charged with constantly following up that its action plan recommendations are being carried out by the different business units, and that the infection/threat is being eliminated.


How we can help you

IT Governance is a world leader in the field of international management standards, IT governance, cyber security, CIR management, risk management and compliance.

Our professional services team has a wealth of consultancy skills and technical expertise. Our multi-disciplinary knowledge and experience mean we can help you achieve your project objectives wherever you are in the world.

We have a complete set of products and services, including information and advice, penetration testing, consultancy, audits, books, toolkits, training and staff awareness for IT governance, risk management, cyber security, compliance and data protection. This means you can get whatever you need for your project in one place.

For a CIR Management plan, we can:

  • Review your current IT status, perform a gap analysis, and recommend suitable controls and technical measures;
  • Advise you on the development of a suitable incident response process;
  • Design a bespoke incident response plan;
  • Develop an incident response team;
  • Provide training for the incident response team;
  • Create bespoke incident scenarios based on real-world experience;
  • Assist and advise on scenario testing ; and
  • Advise on a suitable framework for continual improvement.


IT Governance will provide all the support you need

Get started with your incident response planning strategy today with support from IT Governance.

With our help, you will be able to identify, detect and contain incidents faster. Our service will provide you with a detailed action plan and personnel training to mitigate the impact of any incident and restore services in a trusted and timely manner.

Prepare now for an effective CIR plan and mitigate the harmful effects of a breach should it occur. Contact us:


Customer Reviews

(0# of Ratings:)