Incident Response Planning

When it comes to cyber attacks, it’s not a matter of if, but when. How you respond to a cyber security incident is just as important as how you defend against one.

More and more organisations are experiencing cyber breaches and their responses can have significant impact on their business. A poor response can reflect badly on an organisation and impact share price, customer perception, short term revenue and longer term profitability.

Therefore, organisations need to have a robust, tested and well understood incident response and crisis management plan in place. NCC Group can provide targeted, pragmatic advice, plans, playbooks and testing.

The bespoke services we provide include the following:

  • Incident Response (IR) Plan Review and Delivery – tailored IR plan using best practice guidance from ISO, NIST (Special Publication 800-61) and ACPO (Association of Chief Police Officers) including:
    • Prepare, Identify, Assess Respond and Learn phases
    • Up to ten defined playbooks for incidents such as DDoS attacks, ransomware and exfiltration of data;
    • Protecting forensic evidence;
    • Communications with third parties;
    • Testing schedule;
    • Escalation to Crisis Management.


  • IR Table Top Exercise – scenarios are constructed and delivered to your incident and crisis management teams to put them through the paces of a typical cyber incident.
    • Tailored real-life scenarios specific to your organisation;
    • Production of a Master Events List (MEL) for each scenario to develop the incident during the exercise;
    • Design of scenario injects to replicate real world evolution of a cyber security incident;
    • Expert facilitation;
    • Exercise summary report and lessons learned.

Our Incident Response services have been built upon the demand from our customers – so that they have a solid plan and have tested it to ensure it works.
If you would like to discuss our Incident Response service please contact us.


Contact us