A collection of posts, guides and tips, focusing on Incident Management, this site supports the newly expanded SANS LDR553 Cyber Incident Management course as a follow on resource.


Plan for the worst and hope for the best they say. By virtue of thinking about the types of incident you are considering what may happen and how you might react. Get some colleagues to help you and now you can validate your plans and make improvements where needed.


Incident Playbook reviews, tabletop exercises and purple team exercises can all help you practise how you will actually respond to an incident. Only through exercises or real incidents will you learn; and the former is way cheaper than the latter.


A large percentage of Incident Management is about communicating, with the team, staff, customers, legal, law enforcement, execs and regulators. Have you got a plan, process and framework for this yet?

What’s on this site

  • Some posts about IM planning and improvements.
  • Pointers to great tools or articles about IM.
  • Soon: cheatsheets and printable guides to help you.

Where can I learn more?

  • We have a newly expanded five day course at SANS on Cyber Incident Management (LDR553)
  • To view upcoming dates and to register for the Live, Virtual or OnDemand courses head to the LDR553 options @SANS

Recent Blog posts

  • New Course – LDR553

    New Course – LDR553

    A short summary of why the new LDR553 course is built the way it is.

  • Domain Name Disputes website

    Domain Name Disputes website

    A short pointer to an interesting web site that tracks Domain Name litigation.

  • Examples of Public statements

    Examples of Public statements

    This is where we’ll drop some public breach statements as we find them to serve as a reference to others looking to draft something similar: UBER Taken from (checked 1st Dec 2022): https://www.uber.com/newsroom/security-update/ September 15, 6:25pm PT We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will postContinue reading “Examples of Public statements”