Incident Response Management
This Problem-based Learning scenario has been created to enable learners to explore a fairly complex cyber attack and the consequent incident management process for a financial institution with approximately 350,000+ users, situated both nationally and internationally.
On successful completion of the scenario, students will be able to:
- Articulate the incident management life cycle, its associated activities and where it fits into an Information Security Management System.
- Explain the purpose and content of an incident response plan, and the CIRT, including its typical composition and responsibilities.
- Explain incident classification methods, including diagnosing types of incident, distinguishing events from incidents, and triage.
- Explain appropriate responses to the attacks.
- Explain the communication strategy.
- Explain the purpose of, and complete, appropriate documentation for an incident.
- Explain the role of incident management within a systemic approach to Information Security.
This page provides the resources for students to be able to complete the scenario as members of a small team facilitated by a tutor. The resources consist of an introductory video together with documents detailing the PBL problem statement, tasks and links to other materials that learners are expected to use to complete the tasks.
A facilitator guide and CSKE Guide to PBL provide additional information for tutors. The materials are modular, and the source is available so that they can be customized to other contexts, for example as part of an online course.