
NIST Cybersecurity Professional®
NCSP® 800-61 Foundation Certificate
Master the Art of Incident Response with the NIST SP 800-61 Rev. 3 Framework

Course Description
In an era of relentless digital threats, an organization's ability to detect, respond to, and recover from security incidents is the ultimate measure of its resilience.
The NCSP® 800-61 Foundation Certificate is a 2-day, instructor-led course designed to provide cybersecurity professionals with a comprehensive understanding of the NIST Special Publication 800-61: Computer Security Incident Handling Guide.
This course goes beyond technical "firefighting" to teach a structured, lifecycle-based approach to incident management. Aligned with the NIST Cybersecurity Framework (CSF) 2.0, this training focuses on building a coordinated response capability that minimizes impact, protects brand reputation, and ensures rapid recovery.
What You Will Learn
Participants will gain the foundational knowledge required to design, implement, and manage an Incident Response (IR) capability. You will learn:
- How to align Incident Management with the NIST CSF 2.0 (Detect, Respond, and Recover).
- The essential components of an IR Policy, Plan, and Strategy.
- The four phases of the Incident Response Lifecycle: Preparation; Detection & Analysis; Containment, Eradication & Recovery; and Post-Incident Activity.
- How to coordinate with external stakeholders and legal entities during a breach.
Course Agenda
Day 1: Incident Response Strategy & Preparation
Module 1: Introduction to NIST SP 800-61
- Understanding the evolution of the standard and its role in modern cybersecurity.
Module 2: Governance & Policy
- Establishing the authority and resources for an Incident Response Team (IRT).
Module 3: Phase 1 - Preparation
- Building the tools, training, and processes required before an incident occurs.
Module 4: Phase 2 - Detection & Analysis
- Learning to identify signs of incidents and how to perform initial triage and prioritisation.
Day 2: Response, Recovery & Continuous Improvement
Module 5: Phase 3 - Containment & Eradication
- Strategies for stopping the spread of an attack and removing the threat from the environment.
Module 6: Phase 4 - Recovery
- Restoring systems to normal operation and validating security posture.
Module 7: Post-Incident Activity
- Mastering the "Lessons Learned" process to drive organisational improvement.
Module 8: Coordination & Communication
- Managing internal and external information sharing.
Learning Outcomes
Participants will be able to:
- Demonstrate how to integrate the incident response lifecycle directly with the NIST Cybersecurity Framework 2.0 functions, specifically focusing on the transition from Detect to Respond and Recover.
- Identify and describe the technical and operational requirements for each stage of the NIST incident response process: Preparation; Detection & Analysis; Containment, Eradication, & Recovery; and Post-Incident Activity.
- Define the organizational requirements for a successful IR capability, including the creation of an Incident Response Plan (IRP), the definition of team structures (Centralized vs. Distributed), and the establishment of clear reporting authorities.
- Apply "Lessons Learned" methodologies to transform incident data into actionable security improvements, ensuring the organization’s defensive posture evolves based on real-world threat intelligence and forensic analysis.
Who Should Attend?
This course is designed for IT and Security professionals who are responsible for maintaining the security of their organization's assets, including:
- Cybersecurity Analysts & Incident Responders
- IT Managers & Systems Administrators
- SOC (Security Operations Center) Staff
- Risk Management Professionals
- Project Managers overseeing security initiatives
Prerequisites
There are no formal prerequisites for this Foundation‑level course, though a basic understanding of cybersecurity concepts and the NIST CSF is recommended.
Participants are provided with:
- NIST Cybersecurity Professional® (NCSP®) 800-61 Foundation Certificate courseware including links to further reading and resources.
- NIST Cybersecurity Professional® (NCSP®) 800-61 Foundation Certificate, Certificate of Completion.
- NIST Cybersecurity Professional® (NCSP®) 800-61 Foundation Certificate digital badge.
Enrol Today
Gain the capability to build and operate a NIST‑aligned incident response programme using structured lifecycle processes and governance.

Further Reading
NIST 800-61 - Incident Response Recommendations and Considerations for Cybersecurity Risk Management
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r3.pdf
