What is the NCSP® 800-61 Foundation Certificate?

The NCSP® 800-61 Foundation Certificate provides a structured, practitioner-ready understanding of the incident handling and response lifecycle defined in NIST SP 800-61 Revision 2. It prepares learners to apply incident response concepts across organisational cybersecurity programs.

Who owns and governs the NCSP® 800-61 Foundation Certificate?

The NCSP® 800-61 Foundation Certificate is globally owned by CySec Professionals Ltd and governed by The Digital Trust Institute® (DTI®), ensuring alignment with NIST CSF 2.0, NIST SP 800-61, and NIST Special Publications.

How does this course align with NIST SP 800-61?

The course provides a deep understanding of NIST SP 800-61 Rev. 2, including preparation, detection and analysis, containment, eradication, recovery, and post-incident activities, and how these processes integrate with NIST CSF 2.0 and enterprise cybersecurity programs.

Is NCSP® 800-61 Foundation considered official NIST training?

NCSP® training is not generic NIST training. It is a governed, trademarked credential ecosystem aligned to NIST CSF 2.0, NIST SP 800-61, and NIST Special Publications, with formal ownership and governance.

Who is authorised to deliver NCSP® 800-61 Foundation training?

Only organisations formally authorised by CySec Professionals Ltd may deliver NCSP® training or assessments. Unauthorised use of NCSP® trademarks is prohibited.

NIST Cybersecurity Professional®
NCSP® 800-61 Foundation Certificate

Master the Art of Incident Response with the NIST SP 800-61 Rev. 3 Framework

NIST Cybersecurity Professional®

NCSP® 800-61 Foundation Certificate

Course Description

In an era of relentless digital threats, an organization's ability to detect, respond to, and recover from security incidents is the ultimate measure of its resilience.

The NCSP® 800-61 Foundation Certificate is a 2-day, instructor-led course designed to provide cybersecurity professionals with a comprehensive understanding of the NIST Special Publication 800-61: Computer Security Incident Handling Guide.

This course goes beyond technical "firefighting" to teach a structured, lifecycle-based approach to incident management. Aligned with the NIST Cybersecurity Framework (CSF) 2.0, this training focuses on building a coordinated response capability that minimizes impact, protects brand reputation, and ensures rapid recovery.

What You Will Learn

Participants will gain the foundational knowledge required to design, implement, and manage an Incident Response (IR) capability. You will learn:

How to align Incident Management with the NIST CSF 2.0 (Detect, Respond, and Recover).
The essential components of an IR Policy, Plan, and Strategy.
The four phases of the Incident Response Lifecycle: Preparation; Detection & Analysis; Containment, Eradication & Recovery; and Post-Incident Activity.
How to coordinate with external stakeholders and legal entities during a breach.

Course Agenda

Day 1: Incident Response Strategy & Preparation

Module 1: Introduction to NIST SP 800-61

Understanding the evolution of the standard and its role in modern cybersecurity.

Module 2: Governance & Policy

Establishing the authority and resources for an Incident Response Team (IRT).

Module 3: Phase 1 - Preparation

Building the tools, training, and processes required before an incident occurs.

Module 4: Phase 2 - Detection & Analysis

Learning to identify signs of incidents and how to perform initial triage and prioritisation.

Day 2: Response, Recovery & Continuous Improvement

Module 5: Phase 3 - Containment & Eradication

Strategies for stopping the spread of an attack and removing the threat from the environment.

Module 6: Phase 4 - Recovery

Restoring systems to normal operation and validating security posture.

Module 7: Post-Incident Activity

Mastering the "Lessons Learned" process to drive organisational improvement.

Module 8: Coordination & Communication

Managing internal and external information sharing.

Learning Outcomes

Participants will be able to:

Demonstrate how to integrate the incident response lifecycle directly with the NIST Cybersecurity Framework 2.0 functions, specifically focusing on the transition from Detect to Respond and Recover.
Identify and describe the technical and operational requirements for each stage of the NIST incident response process: Preparation; Detection & Analysis; Containment, Eradication, & Recovery; and Post-Incident Activity.
Define the organizational requirements for a successful IR capability, including the creation of an Incident Response Plan (IRP), the definition of team structures (Centralized vs. Distributed), and the establishment of clear reporting authorities.
Apply "Lessons Learned" methodologies to transform incident data into actionable security improvements, ensuring the organization’s defensive posture evolves based on real-world threat intelligence and forensic analysis.

Who Should Attend?

This course is designed for IT and Security professionals who are responsible for maintaining the security of their organization's assets, including:

Cybersecurity Analysts & Incident Responders
IT Managers & Systems Administrators
SOC (Security Operations Center) Staff
Risk Management Professionals
Project Managers overseeing security initiatives

Prerequisites

There are no formal prerequisites for this Foundation‑level course, though a basic understanding of cybersecurity concepts and the NIST CSF is recommended.

Participants are provided with:

NIST Cybersecurity Professional® (NCSP®) 800-61 Foundation Certificate courseware including links to further reading and resources.
NIST Cybersecurity Professional® (NCSP®) 800-61 Foundation Certificate, Certificate of Completion.
NIST Cybersecurity Professional® (NCSP®) 800-61 Foundation Certificate digital badge.