LLM Prompts

Data Breach Incident Response Simulation

Simulates a data breach scenario and guides the user in developing an incident response strategy.

The method

Use this prompt during security training exercises or tabletop simulations. Paste the prompt into your LLM and adjust the industry and breach type to match your organization's profile. Analyze the LLM's response and refine your incident response plan accordingly.

The prompts

Prompt 1

You are a cybersecurity expert specializing in incident response. A data breach has occurred at a fictional company called 'Acme Innovations,' a medium-sized manufacturing firm. The breach involved unauthorized access to a database containing sensitive customer information, including names, addresses, phone numbers, and credit card details. The initial assessment indicates that a phishing campaign targeted an employee with administrative privileges, leading to the compromise of their credentials.

Develop a detailed incident response plan, including the following steps:

1. **Containment:** Describe the immediate actions to contain the breach and prevent further data exfiltration.
2. **Eradication:** Outline the steps to remove the malware or vulnerability that caused the breach.
3. **Recovery:** Explain the process of restoring systems and data to their pre-breach state.
4. **Post-Incident Activity:** Detail the activities to be performed after the incident, including a review of the incident response plan and implementation of preventative measures.

Provide specific technical and communication recommendations for each step.

Prompt 2

You are a crisis communications manager. A significant data breach has occurred at 'GlobalTech Solutions', a multinational software company. Millions of customer records, including personally identifiable information and some proprietary code, have been compromised. Initial reports suggest a sophisticated ransomware attack. Draft a press release and internal communication addressing the breach. The press release should:

1. Acknowledge the breach and express concern for affected customers.
2. Provide a brief overview of the situation and the company's immediate response.
3. Offer guidance to customers on how to protect themselves.
4. Reiterate the company's commitment to data security and transparency.

The internal communication should:

1. Inform employees about the breach and its potential impact on the company.
2. Provide guidance on how to handle inquiries from customers, media, and other stakeholders.
3. Emphasize the importance of maintaining confidentiality and adhering to security protocols.

Assume the public will be critical of GlobalTech's security practices. How do you address those concerns?