back to overview
Cyber Security Incident Management

Delivery: classroom, hands on, workshop // Duration: 3 days

This course gives participants an in-depth understanding how to prepare and organize incident response capabilities within the organization. Beneath teaching concepts, methodologies and tactics, also reflection of personal experiences will take place. Different exercises to deepen and apply the knowledgetop off the training.


Learning Objectives

By the end of this course, students will be able to:

  • Understand and design Security Incident Management Processes (SIMP)

  • Plan a response strategy to security incidents

  • Take the lead when responding to major incidents / escalations from CDC

  • Fulfill a managing role in CERT or CDC


Course Content

  • Intro and Definitions

    • What are Cyber Attacks?

    • Current Threat landscape - real world incidents

    • Get a common understanding of Cyber defense strategies

  • Security Incident Management Processes (SIMP)

    • Well known SIMP variants

    • From high level SIMP to practical workflow

    • Surrounding and underlying processes

    • 4 Pillars for success: Organization, Processes, Resources, Technologies

  • Organizing Incident Response

    • Security Incident Management in organizational context

    • Who is CERT and what’s his last name?

    • Interfaces to CDC, IT operations and crisis management

    • Threat map

    • Attack kill chain

    • Maturity rating – mind the gap

    • Response strategy and tactics

    • How to get people?

  • Manage the daily incidents

    • Prerequisites for efficient incident response

    • Standardize and automate incident response

    • Doing lessons learned

    • Escalation to 3rd level and CSIRT

  • Handle the extraordinary incidents

    • Plan and establish a CSIRT

    • Handle the incident

      • Incident coordination

      • Advanced monitoring

      • Containment / Immediate actions

      • Forensic Analysis

      • Remediation

    • Doing lessons learned

    • Escalation to crisis


Target Audience

  • Leads of Cyber Security Incidents Response Teams (CSIRT)

  • Managers of CERT or CDC

  • Senior CERT members

  • Senior or 3rd level CDC analysts

  • Senior digital forensics analyst


Pre-requisite for Course Registration

  • Recommendation: Basic know how of IT systems and information security or completed ISH Cyber Security Fundamentals for IT-Pros course

  • Recommendation: Completed ISH Information Security Management course with certification ISH ISMS Specialist ISH ISMS Specialist Diploma

  • Practical experience in dealing with security incidents (CDC or digital forensics)

  • Ability to think abstractive, organization and planning skills


Certification: ISH Cyber Security Incident Manager Diploma

The ISH Cyber Security Incident Manager Diploma provides participants with a broad and detailed understanding of technical and organizational Cyber Security Incidents and Crisis.


How to get to the ISH Campus?

Address: Südallee 1 85326 Munich, Germany
Phone: +49 (0)89 975 32275

By car - from the A92 / Munich

Leaving the motorway A92 you will find yourself at the "Zentralallee". When reaching the first bridge, turn right and leave the "Zentralallee" following the sign with direction "Fracht/Cargo/Wartungsallee/Südallee/FOC".  Continue to follow the street  until the end - for approx. 1,5 km -  and turn left. On your right you will reach the “Luftpostleitstelle” where the ISH is located. 

By S-Bahn / airplane

Take the S-Bahn line S8 or S1 and drive to the “Besucherpark”. Exit the S-Bahn station towards the Flight Operations Center (FOC / Lufthansa) and at the bottom of the stairs, turn left and follow the road for approx. 1,5 km, leaving the "Frachtgebäude/Cargo" at your right hand side. At its end turn left and you will reach the "Luftpostleitstelle" where the ISH is located. 

Are events and trainings in English or in German?

Since we want to provide the best trainings and events for “Securing the Global future” we offer our programs in both English and German. You can tell which language the training or event is in by which flag icon is listed next to the title. A British flag for English or the German flag for Deutsch.

How can I book an open class or company training?

For our "CDC Handling" open class trainings please register via our online registration form. If you plan a company training please arrange a date with our training department, as we offer these trainings on demand.

Which hotels are in the area?

While there is a wide range of hotels around the airport we personally have stayed at both the Hilton and Novotel hotel, and find them to be very nice and comfortable.

Hilton Munich Airport

Address: Terminalstraße Mitte 20, 85356 München-Flughafen
Phone: +49 (0)89 97820

Hotel Novotel

Address: Nordallee 29, 85356 München Phone: +49 (0)89 9705130