For executives and directors

Assessing Information Security Risk using the OCTAVE Approach – 2 days

OCTAVE Allegro is a structured, repeatable risk assessment method that can be used across the organisation, providing a streamlined approach to information security assessment and assurance. It uses a collaborative way of working to address information security risks in a business context.

This intensive two day course is aimed at senior executives, as well as decision makers in risk, IT operations and security functions.

Overview of Creating and Managing CSIRTs – 1 day

Computer Security Incident Response Teams (CSIRTs) come in all shapes and sizes. Some are permanent, formalised teams while others are ad-hoc and pulled together to respond to a specific event.

This one day course gives a high level overview of the key issues and decisions involved in establishing and maintaining an effective CSIRT. The course takes an organisation wide view of information security, and covers key policies, procedures, methods and tools.


For information security managers

Creating a Computer Security Incident Response Team – 1 day

This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course considers the key issues and decisions that must be addressed in establishing a CSIRT.

As part of the course, attendees will develop an action plan that can be used as a starting point in planning and implementing their CSIRT.

Managing a Computer Security Incident Response Team – 3 days

This course takes a pragmatic look at the issues faced when managing a computer security incident response team (CSIRT). The course provides insight into the work that CSIRT staff may be expected to handle. It also provides prospective or current managers with an overview of the incident handling process and the types of tools and infrastructure needed to be effective. Technical issues are discussed from a management perspective.

Topics include hiring CSIRT staff, identifying critical information, publishing information, establishing effective working relationships, working with law enforcement, evaluating CSIRT operations, building CSIRT service capacity, and the importance of pre-established policies and procedures.


For technical staff

Organisation wide

Fundamentals of Incident Handling
5 days

This course is designed to provide insight into the work that an incident handler may perform. It will provide an overview of incident handling, including intruder threats, and the nature of incident response activities.

The course is aimed at technical staff who have little or no incident handling experience, or more experienced staff wanting a best practice refresher. It provides an introduction to the main incident handling tasks and critical thinking skills that help an incident handler perform their daily work.

Course attendees learn how to gather the information required to handle an incident; the importance of having and following pre-defined policies and procedures; understand the technical issues relating to commonly reported attack types; perform analysis and response tasks for various sample incidents; apply critical thinking skills in responding to incidents, and identify potential problems to avoid.

Cyber Outreach Awareness Training

This 90 minute, non-technical training course, tailored specifically for your organisation, is intended to raise the cyber security awareness by communicating best practice that can be applied with maximum results and minimum effort. Delivered at your offices or a venue of your choice, our awareness training brings real world cyber issues to life, and can be delivered to groups of up to 100 at a time.

Many of our clients find it useful to invite their staff to bring partners and older children along to this training session.  The focus on security at home as well as work helps lift engagement with the topic, and encourages staff to protect work devices used outside the office.