ZX Security

Incident Response Planning

The impact of cybersecurity incidents, most notably ransomware, can be devastating for almost any organisation. From the loss of critical business services to the disclosure of sensitive information, it has become clear that having a process to mitigate harm during an incident is critical for most organisations that want to improve their security maturity.


This course has been updated to more accurately reflect the incident response landscape as of 2022. The cybersecurity incident response course is intended for those wishing to develop or critique their incident response processes. The course covers the basics of incident response processes, risk and documentation, including alignment with both the NZISM and other international security standards in order to achieve best practice. It includes discussion of a number of incident response templates and how to critique existing incident response processes.

Who should attend?

The Cybersecurity Incident Response course is aimed at any staff with roles or responsibilities related to incident response, including system owners but also communications, legal and privacy staff. Previous technical knowledge is helpful, but not required for this course. Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Have experience with organisation-specific IT infrastructure and practices.
  • Have an interest in developing an organisation-wide cyber-response strategy that extends beyond only technical staff.
  • Have some responsibility for incident response processes in your organisation.


  • Half day

Course content

This course will teach you the core components of organisational incident response in order to reduce risk. It explains common incident attack scenarios both in New Zealand and abroad, and includes guidelines for evaluating the impact of any incident. The course will discuss best-practice cyber-responses to the most common incident scenarios observed, taking into account the size and budget of any organisation. Upon course completion, you will be able to:

  • Identify the most common forms of cybersecurity incidents
  • Assess the current security maturity level of incident response in your organisation
  • Identify a number of resources for:
    • Incident response process documentation templates
    • Best practice technical response

Module 1: Incident Response

  • The Incident Response Process
  • Basics of documentation
  • Preparing for an incident
  • Context of incidents in NZ and overseas

Module 2: Preparation

  • Standard for incident response
  • Creating a strawman incident response plan
  • Critiquing an incident response plan

Module 3: Organisational Risks

  • Technical responses to incidents
  • Organisational responses to incidents
  • Common weak links in incident response