Similar to playbooks, runbooks are more specific to systems and networks and best defined as a tactical method of completing a task. They are a series of steps needed to complete some process for a known end goal. Examples include “Restarting the web services on frontend servers” to “Deploying the newest build of staging application.”
Runbooks can define the exact steps to make that action repeatable and usable as a programmatic approach to problem-solving. A well-written runbook not only lowers the difficulty of execution and ensures repeatability but also has the end goal of automating the action, making the runbook itself no longer necessary.
The board of directors found your presentation on playbooks very informative and has asked you to create another presentation on runbooks that would be utilized as part of the incident response plan for the following 3 attacks:
- Credential Compromise
- Code Injection in Website
- DDoS Attack
To complete this, you should create a 12 -slide presentation with speaker notes and media such as images, video, or tables that will be presented to the board of directors. Specifically, your presentation should do the following:
- Explain the importance of using runbooks to risk management.
- Summarize the risks of the 3 threats listed above and the recommendation of the remediation plan presented in the labs associated with SQL Injection, Website Compromise, and Exploitation of Windows 7 Workstations.
- Summarize incident response plans for each of the 3 attack scenarios listed above.
- Justify NIST implementation, including an explanation of why it is the best option rather than another quicker and easier process.
- Identify additional tools and systems that might reduce or mitigate the risk of the 3 identified threats.
- Assess potential violations to user privacy from these attacks as well as the implications from going through the steps in the runbooks.
- Assess ethical implications of these attacks.
- Recommend ethical and privacy standards as they relate to any of the steps or tasks.
Include a title page, purpose statement for the presentation, and a reference slide.
