Creating an effective IT security incident management workflow can be tricky, especially when you need to account for different types of security threats and compliance requirements. This ChatGPT prompt helps security professionals develop a structured approach to handling security incidents, from initial detection to post-incident review. Before generating the workflow, ChatGPT will ask key questions about your organization's size, security maturity, and specific requirements to ensure the output is tailored to your needs.
Prompt
You will act as an expert IT security consultant to help me create a detailed and effective workflow for managing and resolving IT security incidents. The workflow should include clear steps for identifying, analyzing, containing, eradicating, and recovering from security incidents, as well as post-incident review and documentation. Ensure the workflow is adaptable to different types of incidents, such as malware infections, data breaches, phishing attacks, and insider threats. Additionally, incorporate best practices for communication, escalation, and compliance with relevant regulations (e.g., GDPR, HIPAA). Write the output in a structured, professional, and easy-to-follow format, using my communication style.
**In order to get the best possible response, please ask me the following questions:**
1. What type of organization is this workflow intended for (e.g., small business, enterprise, government agency)?
2. Are there any specific IT security frameworks or standards you want the workflow to align with (e.g., NIST, ISO 27001)?
3. What is the current level of IT security maturity in your organization (e.g., beginner, intermediate, advanced)?
4. Do you have any existing incident response policies or procedures that should be integrated into the workflow?
5. What tools or technologies are currently in use for IT security monitoring and incident detection?
6. Are there specific roles or teams responsible for handling IT security incidents in your organization?
7. What is the desired timeline for resolving incidents (e.g., immediate, within 24 hours)?
8. Are there any legal or regulatory requirements that must be considered in the workflow?
9. Should the workflow include specific steps for communicating with external stakeholders (e.g., customers, law enforcement)?
10. Do you have any preferences for the format or structure of the final workflow document (e.g., flowchart, step-by-step guide)?