The Cybersecurity Incident Response course is aimed at any staff with roles or responsibilities related to incident response, including system owners but also communications, legal and privacy staff. Previous technical knowledge is helpful, but not required for this course. Specifically, it is recommended that you have the following skills and knowledge before starting this course:

• Have experience with organisation-specific IT infrastructure and practices.
• Have an interest in developing an organisation-wide cyber-response strategy that extends beyond only technical staff.
• Have some responsibility for incident response processes in your organisation.

• Half day

This course will teach you the core components of organisational incident response in order to reduce risk. It explains common incident attack scenarios both in New Zealand and abroad, and includes guidelines for evaluating the impact of any incident. The course will discuss best-practice cyber-responses to the most common incident scenarios observed, taking into account the size and budget of any organisation. Upon course completion, you will be able to:

• Identify the most common forms of cybersecurity incidents
• Assess the current security maturity level of incident response in your organisation
• Identify a number of resources for:
  • Incident response process documentation templates
  • Best practice technical response

Module 1: Incident Response

• The Incident Response Process
• Basics of documentation
• Preparing for an incident
• Context of incidents in NZ and overseas

Module 2: Preparation

• Standard for incident response
• Creating a strawman incident response plan
• Critiquing an incident response plan

Module 3: Organisational Risks

• Technical responses to incidents
• Organisational responses to incidents
• Common weak links in incident response