Assignment week 12 Cyber Security _Komalasari

Pertanyaan :
  1. What are the four main phases of the PICERL incident response lifecycle? (Preparation, Detection & Analysis, Containment, Eradication & Recovery, Post-Incident Activity).
  2. Why is it critical to have a communication plan ready before a data breach occurs? Who should be notified?
  3. What is the purpose of a Business Continuity Plan (BCP)?
Jawaban : 1.A small correction: The commonly used framework is PICERL (or the NIST version), which has 6 phases. However, if asked for the 4 main phases, the most critical ones are:
  • Preparation: Building the team, tools, policies, and training before an incident occurs.
  • Detection & Analysis: Identifying signs of an incident, gathering evidence, and determining scope and impact.
  • Containment, Eradication & Recovery: Isolating affected systems, removing the threat, and restoring normal operations.
  • Post-Incident Activity: Evaluation, learning, reporting, and process improvement to prevent recurrence.
Note: The full 6 phases according to SANS/NIST are: Preparation → Identification → Containment → Eradication → Recovery → Lessons Learned. 2.Why it is critical: Reduces panic and chaos: Without a plan, people act on their own, messages conflict, and miscommunication worsens the situation. Legal compliance: Many regulations (GDPR, Indonesia’s PDP Law, HIPAA) require notification within a specific timeframe after a breach. Protects reputation: Fast, honest, and coordinated communication demonstrates responsibility and builds trust. Prevents wrong assumptions: Legal, PR, technical, and management teams must speak with one voice. Who should be notified (depends on the nature of the incident and jurisdiction):  
Party Description
Internal Incident Response Team First and foremost, to take immediate action.
Top Management / Board of Directors Strategic decision-making and resource allocation.
Legal & Compliance Team For regulatory obligations and litigation risk mitigation.
PR / Communications Team To manage public statements and avoid misinformation.
Employees As needed, especially if operations are disrupted or employee personal data is breached.
Customers & Partners If their data is affected.
Data Protection Authority (if applicable) E.g., in Indonesia, affected parties must report to the Ministry of Communication and Informatics or relevant body under the PDP Law.
Law Enforcement (if necessary) For hacking, extortion, or criminal cases.
3.The main purpose of a BCP is to ensure that an organization can continue its critical business functions during and after a disruption (natural disaster, cyber attack, power outage, pandemic, etc.) at an acceptable level. More specifically, a BCP aims to: Differentiate from a Disaster Recovery Plan (DRP): BCP is broader (the entire business, including people, alternate locations, communication), while DRP focuses on technology recovery (servers, databases, networks). Minimize downtime: Identify essential processes and establish steps to keep them running or recover them quickly. Protect assets and reputation: Prevent major financial loss, customer attrition, and brand damage. Save lives and ensure safety: Especially if the BCP is integrated with physical emergency plans. Restore operations to normal within a predefined target time (RTO – Recovery Time Objective).       Status : 100% dikerjakan Keterangan : diisi juga ke dalam worksheet bukti disini Thank you    
Previous Post Previous Post
Newer Post Newer Post

Leave a comment