BetaWe're making improvements — you're viewing a page on our new site.


Hands-on incident response

Learn how to handle a crisis situation under pressure and how to communicate about it to key stakeholders.

  • Online
  • Two sessions
  • Five hours
  • £250 - £400 + VAT

This course will be held on

  • There are no upcoming dates


    Incident response is an organised approach to addressing and managing the aftermath of a security breach. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

    This live online courses includes short, practical team exercises in which you can test your skills in detecting and efficiently responding to incidents.  You will experience a crisis situation and learn how to handle this under pressure and how to communicate about and during the crisis to key stakeholders.

    It was a well structured day and the exercises covered important security issues which helped to raise awareness both within IT and senior management.
    HE practitioner and course participant


    • Challenging scenarios will allow you to experience and react to a serious incident in a safe environment
    • Assess your own organisation’s preparedness and ensure you are fully prepared with an effective incident response procedure
    • Each scenario will be analysed for success and lessons learnt  - giving you a checklist of actions to implement at your organisation
    • Work through a straightforward incident response procedure, detecting, identifying, responding and compiling lessons learned, making recommendations for better future response and for preventing a recurrence
    • Understand the importance of effective communication with IT staff, representatives from legal, human resources, and public relations departments during an incident
    • Take away some scenarios to run with your teams to give them a chance to experience

    Launching next month

    A new service that will offer organisations a deeper dive into their incident response plans and reactions. This three session package is tailored to your organisation. We will take you through a real world simulated Ransomware attack, allowing you to test your existing plans, policies and communication in a high pressure scenario. Finishing by analysing the results to make changes to strengthen your readiness for cyber attacks.

    Express your interest here.

    Course format

    This course comprises of two online sessions, each lasting two and a half hours. The sessions will involve presentations, audio and interactive chat both as a whole class and in break-out groups. 

    Our courses are designed to provide a balance between practical activities and information dissemination, as we believe people learn when they are engaged in the instructional process. 

    This course includes participant involvement through discussion and group work created specifically for the course.  

    These sessions are delivered over Adobe Connect, which you can access using the Adobe Connect app or directly via your browser. Further detailed instructions will be sent following booking.

    We would also recommend the use of a second screen where possible. 

    Who should attend

    This course will be of benefit to any technical staff responsible for their organisations security incident response that are new to incident response.

    The interactive manner of this training was very useful as it encouraged us to think things through rather than to just absorb information passively.
    Higher education practitioner and workshop participant

    What we cover

    During the day we will explore different scenarios including:

    • Lost equipment
    • Denial of service (DoS) attack
    • Stolen data and ransom

    Training outcomes

    By the end of the course, delegates will be able to:

    • Assess the incident response policies and procedures at their organisation and make recommendations for improvement
    • Draw on an effective response plan and understand the key process and documentation necessary to effectively respond to a security incident in an organisation and the help and support they can give during an incident
    • Understand the role of the Janet Network CSIRT, and who the security contacts are within an organisation
    • Describe the key elements of a security incident lifecycle
    • List key stakeholders and have a plan of when and how to communicate with them  and involve them during an incident
    • Run an incident response exercise for their teams

    Earn digital credentials for this course

    By completing this course, you can earn the 'completed' digital badge. Find out more about digital credentials.

    Pricing and eligibility

    • Jisc members - £250 + VAT
    • Non-member - not-for-profit - £300 + VAT
    • Other organisations - £400 + VAT


    For more information or to register your interest in future dates, email or phone 01235 822242.

    An easy route to procurement

    We are an approved supplier on the Crown Commercial Service dynamic purchasing system (DPS). This provides a simple and trusted way for public sector buyers and our members to procure Jisc cyber security services and training.