CYBER CRISIS MANAGEMENT 
CERTIFICATION SERIES

  • GAIN CYBER CRISIS MANAGEMENT EXPERTISE IN ONE WEEK

  • BUILD ORGANIZATIONAL INCIDENT RESPONSE MATURITY

  • COMPLY WITH LEGAL AND REGULATORY REQUIREMENTS

How to Build a Cyber Crisis Management Plan
Cyber War Game Exercise Training
Cyber Crisis Leadership Training

OBJECTIVE

A deep, hands-on immersion into the full realm of Cyber Crisis Management in a single training event!  Attendees are able to select from any or all of our Cyber Crisis Management certification series of courses. 

 

Choose the Cyber Crisis Management Planning Professional (C2MP2) certification course if you want to learn how to develop a Cyber Crisis Management Plan / Cyber Crisis Response Plan (CCMP/CCRP) and all of the related artifacts an organization, consulting company, or MSSP needs to deliver on this Board-level capability. 

Choose the Cyber Crisis Management Exercise Professional (C2MEP) certification course if you want to learn how to build, deliver, and optimize cyber war game table top exercises for your organization or others.

Choose the Cyber Crisis Management Leadership Professional (C2MLP) certification course if you and/or your cyber crisis response team want to learn how to effective lead the response to a major cyber incident.  This executive education program teaches leaders how to transition from problem solvers to sense-makers.  This course includes a 24 of our one-of-a-kind simulation immersions.

There truly is no other stand-alone or integrated program like our cyber crisis management certification series!

VALUE

You and or your organization can rapidly gain unparalleled knowledge, skills, and abilities in this unique 5-day program.  Cyber crisis is a Baord-level issue and no organization is exempt from delivering on its due care and due diligence requirements surrounding incident response.

C2MLP2 Green_White.png

TRAINING AGENDA: DAY 1 & DAY 2
CYBER CRISIS MANAGEMENT PLANNING PROFESSIONAL (C2MP2)

FOUNDATIONS OF A CYBER CRISIS MANAGEMENT PLAN

  • THE PLAN CORE

    • Acronyms

    • How to Use the Cyber Crisis Management Plan

    • Define Plan Purpose

    • Response Organization

    • Response Structure

  • ​FUNCTIONAL INCIDENT RESPONSE PLANS

    • Functional Incident Response Plan (Detailed)

    • Functional Incident Response Plan (Summary)

    • Linking Incident Response Plans

  • RESPONSE PROCESS FLOW

    • Response Process Flow Foundation

    • Master and CSIRT Incident Response Plans

    • Response Process Flow Completion

  • CYBER WAR ROOMS & BRIDGE LINES

    • ​War Rooms

    • Bridge Lines

    • Cyber Crisis Logistics

  • ​TEAMS, ROLES & RESPONSIBILITIES

    • ​Cyber Crisis Executive Team (CCET)

    • Cyber Crisis Management Team (CCMT)

    • Cyber Crisis Response Team (CCRT)

    • Computer Security Incident Response Team (CSIRT)

    • Cyber Crisis Support Team (CCST)

  • ​WORKING GROUPS

    • ​Communications Working Group

    • Technology Working Group

    • Additional Working Groups

CYBER CRISIS MANAGEMENT/RESPONSE PLAN USAGE AND VALIDATION (TABLETOP WAR GAMES)

  • PROJECT PLANNING

    • Project Resources

    • Project Phases & Activities

    • Phase I: Plan

    • Phase II: Build

    • Phase III: Test

    • Phase IV: Implement

  • ​TRAINING THE ORGANIZATION

    • CCMP Training Deck

  • ​TABLETOP CYBER WAR EXERCISES

    • ​Tabletop Exercises vs. Immersive Simulations

    • Exercise Roles & Responsibilities

    • Exercise Logistics

    • Exercise Materials

    • Exercise Execution

    • Exercise Conclusion

    • After-Action Reporting

  • ​WRAP-UP

    • ​Version Control

    • Release Planning

CYBER CRISIS MANAGEMENT ROLES, CHECKLISTS & TEMPLATES

  • PLAN OWNERSHIP AND GOVERNANCE

    • ​Plan Ownership

    • Plan Governance

  • ​IMPACT CATEGORIES, SCALES & SCORES

    • Impact Categories, Scales & Scores Table

  • ​CYBER ATTACK & CRISIS ANATOMIES

    • ​Cyber Attack Anatomy

    • Cyber Crisis Management Anatomy™

  • ​CYBER CRISIS INFORMATION FORM

    • CCIF Development

  • ​CHECKLISTS

    • ​Lead Incident Handler Checklist

    • Pre-Confirmation

    • Post-Confirmation

    • Cyber Crisis Deactivation Checklist

  • ​TEMPLATES

    • ​LIH-to-EIC Email Template

    • EIC-to-CCRT Incident Notification Email Template

    • LIH-to-CCRT Initial Meeting Email Template

    • Initial CCRT Meeting Agenda Template

    • Subsequent CCRT Meeting Agenda Template

    • SEIC-to-CCET Email Template

  • ​QUICK REFERENCE CARDS

    • ​CCET Quick Reference Card

    • SEIC Quick Reference Card

    • EIC Quick Reference Card

    • LIH Quick Reference Card

    • IRL Quick Reference Card

C2MP2 CERTIFICATION EXAM

  • Online​

  • 50 multiple choice questions

  • Two hours

  • 70% passing score

  • Digital badge

  • Professional certificate

  • Green C2MP2 "Wolf" lapel pin

    • Made in Estonia by Roman Tavast​

C2MEP Red_White.png

TRAINING AGENDA: DAY 3
CYBER CRISIS MANAGEMENT EXERCISE PROFESSIONAL (C2MEP)

COURSE OUTLINE

  • Course welcome

  • Course objectives

  • Incident response maturity

  • Incident response maturity phases

  • Hazard Mitigation Plan & Threat and Hazard Identification and Risk Assessment (HMP/THIRA)

  • U.S. Homeland Security Exercise and Evaluation Program (HSEEP)

  • NIST 800-34: Contingency Planning in Federal Information Systems

  • NIST 800-61: Computer Security Incident Handling Guide

  • NIST 800-84: Guide to Test, Training, and Exercise Programs

  • NIST 800-184: Guide for Cybersecurity Event Recovery

  • ISO 27035: Information Security Incident Management

  • ISO 22398: Societal Security - Guidelines for Exercises

  • Exercise types and methods

  • Exercise program guidelines

  • Exercise program policy and governance

  • Exercise roles and responsibilities

  • Exercise Phases: Plan, Build, Deliver, Evaluate, and Optimize

  • Plan: Risk scenarios

  • Plan: Initial planning meeting

  • Plan: Midterm planning meeting

  • Plan: Final planning meeting

  • Plan: Exercise Plan/Situation Manual

  • Build: Master Event and Inject List

  • Build: Injects

  • Build: Facilitator Guide

  • Build: Participant Guide

  • Build: Observer Guide

  • Deliver: Exercise logistics

  • Deliver: Exercise materials

  • Deliver: Exercise conclusion

  • Evaluate: After-Actin Reporting

  • Optimize: Exercise improvement planning

  • Optimize: Program metrics and reporting

  • Optimize: Program improvement planning

  • Practical

    • Serve as exercise lead, facilitator, or observer for a given exercise subset

  • Course review

C2MEP CERTIFICATION EXAM

  • Online​

  • 50 multiple choice questions

  • Two hours

  • 70% passing score

  • Digital badge

  • Professional certificate

  • Red C2MEP "Wolf" lapel pin

    • Made in Estonia by Roman Tavast​

C2MLP Black_White.png

TRAINING AGENDA: DAY 4 & DAY 5
CYBER CRISIS MANAGEMENT LEADERSHIP PROFESSIONAL (C2MLP)

COURSE OUTLINE

  • Introductions

    • Incident response maturity

    • Anatomy of a cyber crisis response

    • Cyber crisis response architecture/framework

  • Module 1: Sense-Making During a Cyber Crisis

    • Challenges to leading in non-routine situations

    • The root cause of crisis management issues

    • The importance of credibility

    • Simulation 1

    • The value of maps

    • Managing risks and value of a feedback loop

    • Proactive risk management

    • Sense-making approaches

    • Eliminating groupthink

    • 4-D sense-making

    • Simulation 2

    • Assessing feedback limitations

    • Simulation 3

  • Module 2: Broadening the Perspective

    • Simulation 4

    • The wider system

    • Identifying clues

    • What you see is all there is

    • Video demonstration

    • Blind to our blindness

    • Bar story

    • The power of recognition

    • Priming recognition

    • Bugs in the human software

    • Simulation 5A & 5B

    • Simulation 6A & 6B

    • Cultural dimensions

    • Cultural dimension: country profiles

    • Cultural dimensions: your team & the CCRT

    • Cultural dimensions: correlating cyber attack data

    • Top cyber attack techniques: China

    • Top cyber attack techniques: Iran

    • Top cyber attack techniques: Russia

    • Looks matter & the truth

    • Nation state attack implications on our thoughts

    • Four explanations

    • Simulation 7

  • Module 3: Restructuring our Thinking

    • System 1 & System 2

    • Thinking in frames

    • Case study

    • Frame influences

    • Your frames

    • My blind spots

    • Simulation 8

    • Simulation 9

    • Simulation 10

    • Simulation 11

    • Simulation 12

  • Capstone Immersion & Module 4: Building Future Crises Leaders

    • Capstone Immersion (12 simulation series)

      • Applying the knowledge

      • Open discussion on performance outcomes

    • Module 4: Challenges for Leaders Building Leaders

      • Finding order

      • Complexity vs chaos

      • Wanted: Leaders

C2MlP CERTIFICATION EXAM

  • Online​

  • 20 multiple choice questions

  • One hour

  • 70% passing score

  • Digital badge

  • Professional certificate

  • Black C2MLP "Wolf" lapel pin

    • Made in Estonia by Roman Tavast​