Nama: Hilma Aulia Daffa
NIM: 2581494366
Pertanyaan:
- What are the four main phases of the PICERL incident response lifecycle? (Preparation, Detection & Analysis, Containment, Eradication & Recovery, Post-Incident Activity).
- Why is it critical to have a communication plan ready before a data breach occurs? Who should be notified?
- What is the purpose of a Business Continuity Plan (BCP)?
Jawaban:
1. The NIST Incident Response Lifecycle is basically the standard blueprint for handling security breaches, often tied to the PICERL steps. Instead of seeing it as a rigid checklist, it’s better to view it as a continuous loop consisting of four main stages:
First off, there’s the Preparation phase. This is all the “behind-the-scenes” work—getting your tools ready, setting up the right communication channels, and training the team. It’s the groundwork you lay down before anything actually hits the fan; if you’re scrambling for a password or a toolkit during an active breach, you’ve already lost.
Once something suspicious happens, we move into Detection and Analysis. This part is usually the most chaotic because you’re trying to figure out if what you’re seeing is a legitimate threat or just a false alarm. It involves monitoring alerts, digging through logs to see how deep the rabbit hole goes, and ultimately deciding how severe the situation actually is.
The “meat” of the response happens in the Containment, Eradication, and Recovery stage. It’s a three-step process within a single phase: first, you stop the bleeding (containment) so the malware or hacker can’t spread further. Then, you move in to scrub the threat entirely from the system (eradication). Finally, you get everything back to normal (recovery), making sure the business can actually function again without leaving any backdoors open.Lastly, and this is the part people often skip when they’re tired, is the Post-Incident Activity. It’s essentially a “debrief” or a lessons-learned session. You sit down to look at what went wrong, what actually worked, and how to tweak the defense so the same thing doesn’t happen next week. It’s less about pointing fingers and more about closing the gaps in your security posture.
2. Why a Communication Plan Actually Matters
When a breach hits, the biggest enemy isn’t just the hacker—it’s the clock. You honestly don’t have the luxury of sitting around deciding who to call first while your systems are melting down. Having a pre-set plan is what keeps the situation from turning into total chaos. It’s about keeping the messaging consistent so you don’t end up telling customers one thing while your IT team says another. Plus, from a legal standpoint, there are strict windows for reporting (like with GDPR) where missing a deadline isn’t just embarrassing—it’s incredibly expensive. Essentially, the plan is there to protect the brand’s reputation before the narrative gets out of control.
The People Who Need to Know
Deciding who to notify involves balancing internal needs with external obligations. It usually breaks down into a few key groups:
- The Internal Circle: First, you need your own house in order. This means looping in management, legal, and HR immediately, alongside the IT security team who is actually fighting the fire.
- External Partners and Clients: You can’t leave the people who trust you in the dark. Affected customers, vendors, and partners need to be informed early enough to protect themselves, but only after you have clear facts to give them.
- Regulatory and Legal Authorities: Depending on the industry, you’re likely legally required to ping government agencies or specific regulators. If it’s something criminal—like a blatant ransomware attack—law enforcement needs to be on the line pretty quickly too.
PR and the General Public: Finally, there’s the “public face” of the crisis. PR needs to be ready to handle the media so the company can maintain some level of trust, even when things are going wrong.
3. Basically, the whole point of having a Business Continuity Plan (BCP) is just to make sure a company doesn’t fall apart when things go wrong. It’s about keeping those essential functions alive, both during a crisis and in the messy aftermath.
Now, people often mix this up with Disaster Recovery (DR), but they aren’t really the same thing. While DR is very much a “tech-heavy” rescue mission—focusing on getting servers back up and fixing lost data—the BCP looks at the much bigger picture. It’s more about the “human” and “process” side of things.
Think of it this way: the BCP is the roadmap for how the business actually survives. It covers everything from where people are going to work if the office is gone, to who needs to be on the ground to keep things moving. At the end of the day, it’s about making sure customers still get what they need and the money keeps coming in, even while the IT team is still in the basement trying to get the primary systems back online.
