What does the NCSP® 800-61 Awareness course cover?

It introduces the NIST SP 800-61 Incident Response Lifecycle, including detection, analysis, containment, eradication, and recovery.

Who is this course for?

All personnel who need to understand their role in incident response and organisational resilience.

Do I get a certificate?

Yes. The NCSP® 800-61 Awareness Certificate is awarded upon completion.

NIST Cybersecurity Professional®
NCSP® 800-61 Awareness Certificate

Build Awareness of NIST SP 800‑61: Computer Security Incident Handling

NIST Cybersecurity Professional®

NCSP® 800-61 Awareness Certificate

Course Description

NIST Special Publication 800‑61, Computer Security Incident Handling Guide, provides a structured, repeatable approach for preparing for, detecting, analysing, responding to, and recovering from cybersecurity incidents. It helps organisations build effective incident response (IR) capabilities that reduce impact, strengthen resilience, and support continuous improvement.

The NCSP® 800‑61 Awareness Certificate is a half‑day, instructor‑led course offering a concise introduction to the purpose, structure, and strategic value of NIST SP 800‑61. Designed for executives, managers, system owners, and stakeholders, this course explains how incident response supports organisational resilience, risk management, and regulatory expectations, without requiring technical or hands‑on IR expertise.

Participants gain a high‑level understanding of the incident response lifecycle, organisational roles, communication requirements, and how 800‑61 integrates with CSF 2.0, RMF (800‑37), 800‑53, and broader cybersecurity governance.

What You Will Learn

Participants gain essential awareness‑level knowledge of NIST SP 800‑61. You will learn:

The purpose, scope, and evolution of the NIST Incident Handling Guide.
The four phases of the incident response lifecycle.
Common incident types, indicators, and response considerations.
Organisational roles and responsibilities in incident response.
How incident handling supports resilience, compliance, and risk management.
How 800‑61 aligns with CSF 2.0, RMF, 800‑53, and continuous monitoring.

Course Agenda

Module 1: Introduction to NIST SP 800‑61 & Incident Response Fundamentals

A high‑level overview of NIST SP 800‑61, its purpose, and its role in organisational resilience. Introduces core IR concepts, incident types, and the importance of structured incident handling.

Module 2: The Incident Response Lifecycle; Prepare, Detect & Analyse, Respond, Recover

An awareness‑level introduction to the four phases of the NIST IR lifecycle:
- Preparation
- Detection & Analysis
- Containment, Eradication & Recovery
- Post‑Incident Activity
Explains how each phase contributes to effective and repeatable incident handling.

Module 3: Roles, Responsibilities & Governance for Incident Response

A concise overview of key roles involved in incident response, including system owners, IR teams, SOC analysts, legal, communications, and leadership. Covers governance structures, escalation paths, and communication requirements.

Module 4: Applying NIST 800‑61 in Practice - Alignment, Use Cases & Continuous Improvement

An introduction to how organisations apply 800‑61 in real‑world environments. Covers alignment with CSF 2.0, RMF (800‑37), 800‑53 controls, and sector‑specific requirements.

Learning Outcomes

Participants will be able to:

Describe the purpose and structure of NIST SP 800‑61.
Explain the incident response lifecycle at an awareness level.
Understand common incident types and indicators.
Recognise key roles and responsibilities in incident response.
Identify how 800‑61 aligns with CSF 2.0, RMF, 800‑53, and resilience frameworks.
Communicate the strategic value of incident response to stakeholders and teams.

Who Should Attend?

This course is designed for professionals who need a foundational understanding of incident response, including:

Executives & Senior Leaders
Business & System Owners
Governance, Risk & Compliance (GRC) Stakeholders
Programme & Project Managers
Security & Privacy Managers
Anyone seeking an introduction to incident response principles

Prerequisites

There are no prerequisites for this Awareness‑level course. No technical background is required.

Participants are provided with:

NIST Cybersecurity Professional® (NCSP®) 800-61 Awareness Certificate courseware including links to further reading and resources.
NIST Cybersecurity Professional® (NCSP®) 800-61 Awareness Certificate, Certificate of Completion.
NIST Cybersecurity Professional® (NCSP®) 800-61 Awareness Certificate digital badge.

Enrol Today

This NCSP 800‑61 Awareness course provides students with a foundational understanding of the NIST incident response lifecycle and organisational responsibilities.