Exercise

You are the Computer Security Incident Response Team $($CSIRT$)$ leader for a major e$-$commerce website, and you are currently responding to a security incident where you believe attackers used a SQL injection attack to steal transaction records from your backend database. Currently, only the core CSIRT members are responding.

Incident response plan document is usually submitted after the system has been restored. The incident response team creates a report of the incident, and it includes what was discovered, how it was discovered, what was done, and the results. The report acts as a corporate memory and can be used for future incidents. It can also be used for communications to the internal and external stakeholders.

Step $1$: Develop a communication plan that describes the nature, timing, and audiences for communications to the internal and external stakeholders that you believe need to be notified.

Deliverables

Submit the Cyber Security Incident Response Plan $($you can use the attached sample as a guide$).$