Skip to Main Content
This website uses cookies. View our cookie policy
United Kingdom
Select regional store:
Incident Response Management Foundation Training Course

Incident Response Management Foundation Training Course

SKU: 4854

Find out how to effectively manage and respond to a disruptive incident (such as a data breach or cyber attack) and take appropriate steps to limit the damage to your business, reputation and brand. This course will provide an introduction to developing an incident response programme according to the requirements of the GDPR and NIS Directive.


Incident Response Management (CIRM F) qualification (ISO 17024-certificated). Exam included in course. This course qualifies for 7 CPE/CPD points.

Course duration:

1 day

UK locations:

London. See venue details.


Other ways to learn: 

Step 1 - Select location
Step 2 - Select date
Price: £495.00
ex vat
Step 3 - Select quantity

Incident Response Management Foundation Training Course outline

  • Understand key definitions and legal requirements that underpin incident response.
  • Identify the components of the cyber kill chain, recognise common cyber threats and understand common threat actors.
  • Define the structure, role and responsibilities of the incident response team.
  • Comprehend the seven stages of incident response. 
  • Propose the steps to formulate and test an incident response plan and define the scope of a business impact analysis.
  • Apply incident response techniques to common risk scenarios.
  • Know the role of cyber resilience in supporting incident response management.
  • Manage communications and reporting requirements under the General Data Protection Regulation (GDPR) and the Directive on security of network and information systems (NIS Directive). 

The benefits of the Incident Response Management Foundation Training course

  • Be better prepared when a breach or an incident occurs;
  • Respond faster to a data breach or incident by knowing exactly what to do and how to do it;
  • Know how to identify the cause of an incident and reduce further damage;
  • Effectively and quickly communicate with all relevant parties;
  • Reduce the impact of the event and take immediate action; and
  • Meet incident reporting deadlines of the GDPR and NIS Regulations

Who should attend this course?

Managers who are already involved in incident management with either an information security or data protection background. Individuals with little experience who are keen to enter the field or broaden their knowledge of incident management with a professional qualification.

Job titles:

  • Business managers 
  • Compliance managers 
  • IT managers
  • Helpdesk managers
  • Project managers 
  • Risk managers 
  • Information security managers 
  • ISO 27001 lead auditors
  • PCI QSAs

Why choose IT Governance for your training needs?

IT Governance is internationally recognised as the authority on ISO 27001. Our team led the world’s first ISO 27001 certification project, and since then we have trained more than 7,000 professionals on information security management. 

Course details

What does the Incident Response Management Foundation training course cover?

  • Identify critical information assets;
  • Identify and evaluate existing security controls;
  • Identify and distinguish between vulnerabilities, risks and threats;
  • Perform a business impact analysis;
  • Plan and design an incident response management programme;
  • Develop an incident response team;
  • Devise incident response testing scenarios; and
  • Establish a framework for continual improvement.

Course agenda:

  • What is incident response management?
  • Cyber risk
  • The incident response team
  • The incident response process
  • The incident response plan
  • Incident response scenarios
  • Scenario practical exercise
  • Cyber resilience

What’s included in this course?

  • A professional training venue with lunch and refreshments;
  • Full course materials (digital copy provided as a PDF file);
  • The Incident Response Management exam; and
  • A certificate of attendance.

What equipment should I bring?

The exam is an online exam. You will need to bring a ‘pop-up enabled’ laptop/tablet to the venue. Full details on how to access the exam will be provided by email 1–2 days before sitting the exam.

Course duration and times

Day 1: 9:00 am – 5.00 pm

CPD/CPE points

This course is equivalent to 7 CPD/CPE points.

How much does the Incident Response Management course cost?

The course costs £495 ex VAT.

Exams and qualifications

Incident Response Management exam

Attendees take the CIRM F, ISO 17024-certificated, exam set by IBITGQ at the end of the course. This is a one-hour multiple-choice online exam, consisting of 40 questions. Candidates need to achieve a minimum of 65% to pass. There is no extra charge for taking the exam.

What qualifications will I receive?

Incident Response Management (CIRM F).

How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately on completion of the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are sent directly to candidates by the relevant exam board in electronic format; please note that hard copy exam certificates are not issued.

Can exams be retaken?

Yes, if you are unsuccessful on the first attempt you can retake the exam for an additional fee. You can email us to schedule the retest for the exam.


Are there any prerequisites for this course?

There are no formal entry requirements but this is a professional course. It is assumed that attendees will have a good general understanding of cyber security principles and controls that underpin the protection of confidentiality, integrity and availability of data, gained through practical experience or reading.

Is there any recommended reading?

We would recommended purchasing one or more of the following:

Do I need to bring proof of identity?

Delegates must bring a form of photographic ID with them as the invigilator my request to check it prior to the exam.

“I have already recommended this course to two colleagues. They are just seeking approval from training dept. for funding! This is my fourth ITG course (CISP, CISF, CISLI previously) so you must be doing something right.”


Customer Reviews

(0.00)stars out of 5
# of Ratings: 0

You may also be interested in