Cyber Incident Exercising

As an approved Cyber Incident Exercising (CIE) Assured Service Provider under the National Cyber Security Centre (NCSC) scheme, URM is ideally and uniquely placed to assist you with your cyber incident exercising.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Cyber Incident Exercising (CIE)

Cyber incident exercising is vital to your organisation’s preparedness as it simulates real-world cyber threats, allowing you to assess, practice and improve your response capabilities.  It will enhance your planning and thinking, help you identify weaknesses, foster a proactive security culture and ensure you have a resilient and adaptive defence against ever changing and evolving cyber threats.  By exercising and improving your incident response plans, you will be better placed to respond to cyber attacks, have a realistic understanding of your recovery time and ensure you get back up and running more quickly, thereby reducing costs and any reputational damage.

NCSC Cyber Incident Exercising Scheme

As an approved Cyber Incident Exercising (CIE) Assured Service Provider under the National Cyber Security Centre (NCSC) scheme, URM is ideally and uniquely placed to assist you with your cyber incident exercising.  Through the scheme you can be assured that URM meets the NCSC’s rigorous standards for developing and delivering high quality cyber incident exercising, possessing the required skills and experience of creating bespoke and structured cyber incident exercises.

The NCSC CIE scheme, which is administered by IASME, focuses on the development and delivery of two types of cyber exercises:

  • Table-Top –this is a discussion-based exercise where URM designs a scenario developed from information gathered about your organisation, and where participants respond to a developing situation, escalating over time, as they would in a live incident in line with your organisation’s incident response plan.
  • Live-Play –  this type of exercise involves participants carrying out their roles and responsibilities in close to real time and in response to a controlled feed of information, representing a pre-agreed scenario designed by URM and agreed with your organisation.  Typically, URM delivers live play exercises with mature organisations looking for in-depth validation of plans.

The exercises are designed to simulate incidents which have a significant impact on a single organisation.  The scheme does not cover category 1 and category 2 incidents, as defined by the UK cyber incident categorisation system.

Why URM?

URM is ideally placed to assist your organisation with your cyber incident exercising due to the unique combination of exercising experience and cyber expertise.  Since its formation in 2005, URM has been developing and facilitating incident response exercises.  Our team of incident management and cyber specialists is hugely experienced and skilled in devising challenging, original and appropriate scenarios which will exercise and validate your incident response plans.  Working closely with you, we will ensure the scenarios are realistic, have clear objectives in terms of raising awareness, assess how well participants understand the plans, as well as their own roles and responsibilities and how they work collectively as a team.  URM has worked with a wide range of incident management teams as part its exercising and with different areas of focus, from assessing the capabilities of senior management to IT teams, measuring the effectiveness of communication and identifying gaps between actual and expected time to recover.

One feature of our exercising over the last 10 years has been the increasing number of cyber-related exercises we have developed, addressing such threats as malware attacks, ransomware incidents, data breaches and phishing attempts.  This is an area where URM is able to excel by virtue of its cybersecurity knowledge supported by our CREST accreditation.  Our Technical Team possesses a deep understanding of cybersecurity principles, current threats, and attack methodologies and, as such, is able to develop exercises which are both cutting edge and highly realistic.

Key Things You Should Know About ISO 27001

Latest update:
19 Feb

ISO 27001 is a standard for Information Security Management that provides any organisation with a framework to protect most valuable assets.

Read more
Thumbnail of the Blog Illustration
Information Security
A Comparison of ISO 9001 and ISO 27001

URM’s blog compares the management system clauses of ISO 27001 and ISO 9001 to identify integration opportunities.

Read more
Thumbnail of the Blog Illustration
Information Security
The New Threat Intelligence Requirements in ISO 27001:2022

URM’s blog discusses the changes to the requirements around threat intelligence in ISO 27001:2022 and what certified organisations will need to do differently.

Read more
Thumbnail of the Blog Illustration
Information Security
What is the CIA Security Triad? Confidentiality, Integrity and Availability Explained

URM’s blog explains how the principles of confidentiality, integrity and availability (CIA) can help align your information security controls with best practice

Read more
I am pleased to share my experience with the Cyber Essentials Plus (CE+) Scheme. This certification has been invaluable to Case Pilots in helping us protect ourselves from cyber threats. The comprehensive and user-friendly process provided by URM Consulting gave me a deep understanding of the latest threats, vulnerabilities and best practices in cyber security. The assessors were highly knowledgeable, experienced and able to explain each step of the process clearly and concisely. What I particularly appreciated about the CE+ scheme was its relevance to the real world. The training covered not only the fundamental principles, but also advanced techniques and strategies that are used by professionals to protect their systems and data. Achieving the certification demonstrates to our clients that we are committed to cyber security and that we have the knowledge and skills to protect their data. I highly recommend the Cyber Essentials Plus Scheme to any organisation that is serious about cyber security.
To arrange your Cyber Essentials gap analysis please fill the form below.
Our team will contact you shortly.

Gap Analysis Request

contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.