Exam Content Similar to playbooks, runbooks are more specific to systems and networks and best defined as a tactical method of completing a task. They are a series of steps needed to complete some pro


Exam Content

Similar to playbooks, runbooks are more specific to systems and networks and best defined as a tactical method of completing a task. They are a series of steps needed to complete some process for a known end goal. Examples include “Restarting the web services on frontend servers” to “Deploying the newest build of staging application.”

Runbooks can define the exact steps to make that action repeatable and usable as a programmatic approach to problem-solving. A well-written runbook not only lowers the difficulty of execution and ensures repeatability but also has the end goal of automating the action, making the runbook itself no longer necessary. 

The board of directors found your presentation on playbooks very informative and has asked you to create another presentation on runbooks that would be utilized as part of the incident response plan for the following 3 attacks: 

  • Credential Compromise
  • Code Injection in Website
  • DDoS Attack
  • Explain the importance of using runbooks to risk management.
  • Summarize the risks of the 3 threats listed above and the recommendation of the remediation plan presented in the labs associated with SQL Injection, Website Compromise, and Exploitation of Windows 7 Workstations.
  • Summarize incident response plans for each of the 3 attack scenarios listed above.
  • Justify NIST implementation, including an explanation of why it is the best option rather than another quicker and easier process.
  • Identify additional tools and systems that might reduce or mitigate the risk of the 3 identified threats.
  • Assess potential violations to user privacy from these attacks as well as the implications from going through the steps in the runbooks.
  • Assess ethical implications of these attacks.
  • Recommend ethical and privacy standards as they relate to any of the steps or tasks.