Ransomware incident response workshop
Test your infrastructure, policies and procedures with a realistic simulated incident.
About
The UK’s National Cyber Security Centre (NCSC) has warned that UK organisations need to plan for when they get hit by a cyber-related incident, not if. Ransomware incidents affecting the sector continue to grow in number and severity, often taking organisations off-line for extended periods, severely impacting business continuity, revenue and reputation.
The NCSC recommend annual tests of cyber incident response plans.
With our knowledge of the threat landscape affecting Jisc members, we have developed an incident response workshop which will:
- Bring together your incident response team in a safe environment
- Test your current incident response capability and readiness
- Improve staff awareness of roles and responsibilities
- Inform your communication strategy and policy and process development
- Provide you with detailed recommendations on how to improve your incident response capability and security posture
Level
This workshop is suitable for all levels. However, please look at the workshops below to check the suitability for your current requirements:
Who should attend?
This workshop has been designed to simulate a major incident, where all your digital assets have been compromised. We therefore recommend that anyone involved in such an incident attends. You will require senior key decision makers who are accountable and responsible during a major incident alongside your IT and cyber technical teams. This may include the VC/Principal, Marketing and Communications, HR, Finance, Estates, Student Records, MIS, Research etc.
Course structure
Part 1
Scoping call held online. This call will be booked in at least 4 weeks before the on-site workshop and will take approximately 1- 1.5 hours. The aim of this call is to determine and develop a tailored approach that meets your needs.
Attendance is required by your IT and cyber technical teams, as well as any SLT champions, such as the Director of IT.
Part 2
On-site workshop (full day). This workshop is divided into two sessions:
a. Morning session
Live table top exercise. This is a short simulated incident designed to familiarise your IT team with the format and scenarios. Your existing incident response policies and processes are then reviewed.
Attendance is required by your IT and cyber technical teams.
b. Afternoon session
This is a live simulated ransomware attack, aimed at all staff from across your organisation who would be involved in responding to a real incident.
Attendance is required by all key senior key decision-makers who are accountable and responsible during a major incident, along with your IT and cyber technical teams.
The technical and SLT teams will be split into two separate rooms, with communication and decision-making flowing between the two.
Part 3
Report from Jisc security specialists presenting findings from the live exercise and recommendations including next steps for your organisation. This will be emailed to you within 28 working days after the on-site workshop.
Cardiff Metropolitan University: emerging stronger from cyber attack
When Sean Cullinan, head of information services at Cardiff Metropolitan University, realised the university’s systems were under attack, it kickstarted a powerful working relationship with Jisc that transformed security.
What else do I need to know?
- We are taking bookings six months in advance due to the popularity of this workshop.
- We will hold dates for a maximum of two weeks before offering to other organisations.
- It is recommended that all senior key decision makers who are accountable and responsible during a major incident, alongside your IT and cyber technical teams, participate in the workshop.
- The training is split into three parts that typically take place over an eight-to-ten-week period. See details about the course structure above.
Contact us
Please contact training@jisc.ac.uk for further details or to join our waiting list.