Cybersecurityknowledge~30 mins

Post-incident review in Cybersecurity - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Practice Challenge Project Recall Time

Post-incident Review Process

📖 Scenario: You are part of a cybersecurity team that just handled a security incident. Now, you need to create a clear and organized post-incident review document to learn from the event and improve future responses.

🎯 Goal: Build a step-by-step post-incident review document that includes the incident details, impact assessment, lessons learned, and improvement actions.

📋 What You'll Learn

Create a dictionary called incident_details with exact keys and values describing the incident

Add a variable called impact_level to classify the severity of the incident

Use a list comprehension called lessons_learned to extract key lessons from a list of observations

Add a final dictionary called improvement_plan summarizing actions to prevent future incidents

💡 Why This Matters

🌍 Real World

Post-incident reviews help cybersecurity teams understand what happened, how it affected the organization, and what to do next to avoid similar problems.

💼 Career

Security analysts and incident responders regularly create post-incident reports to improve defenses and communicate with stakeholders.

Progress0 / 4 steps

Create Incident Details

Create a dictionary called incident_details with these exact entries: 'date': '2024-05-15', 'type': 'Phishing Attack', 'detected_by': 'Email Filter', and 'status': 'Resolved'.

Cybersecurity

# Create the incident_details dictionary with the specified keys and values
# Your code here

Need a hint?

Use curly braces to create a dictionary and include the exact keys and values as strings.

Add Impact Level

Add a variable called impact_level and set it to the string 'High' to classify the severity of the incident.

Cybersecurity

incident_details = {
    'date': '2024-05-15',
    'type': 'Phishing Attack',
    'detected_by': 'Email Filter',
    'status': 'Resolved'
}

# Add the impact_level variable and set it to 'High'
# Your code here

Need a hint?

Simply assign the string 'High' to the variable named impact_level.

Extract Lessons Learned

Given the list observations = ['User clicked suspicious link', 'Email filter caught 3 phishing emails', 'No data breach occurred'], create a list comprehension called lessons_learned that includes only observations containing the word 'phishing'.

Cybersecurity

incident_details = {
    'date': '2024-05-15',
    'type': 'Phishing Attack',
    'detected_by': 'Email Filter',
    'status': 'Resolved'
}

impact_level = 'High'

observations = ['User clicked suspicious link', 'Email filter caught 3 phishing emails', 'No data breach occurred']

# Create lessons_learned list with observations containing 'phishing'
# Your code here

Need a hint?

Use a list comprehension to filter observations that include the word 'phishing'.

Add Improvement Plan

Add a dictionary called improvement_plan with these exact entries: 'training': 'Increase phishing awareness', 'filter_update': 'Enhance email filter rules', and 'monitoring': 'Implement real-time alerts'.

Cybersecurity

incident_details = {
    'date': '2024-05-15',
    'type': 'Phishing Attack',
    'detected_by': 'Email Filter',
    'status': 'Resolved'
}

impact_level = 'High'

observations = ['User clicked suspicious link', 'Email filter caught 3 phishing emails', 'No data breach occurred']

lessons_learned = [obs for obs in observations if 'phishing' in obs]

# Create improvement_plan dictionary with specified keys and values
# Your code here

Need a hint?

Use a dictionary with the exact keys and string values as shown.