Incident Response Simulator

Incident Response is the organized approach to addressing and managing the aftermath of a security breach or cyberattack. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

Live Scenario

Scenario: Ransomware Outbreak

An employee reports their computer screen is red and demanding Bitcoin. Several files on the shared drive are becoming unreadable.

What is your immediate first action?

Interactive: Make critical decisions during a simulated ransomware outbreak. Choose wisely to contain the threat!

The PICERL Framework

PreparationBefore an incident happens: Training, policy creation, and setting up tools.
IdentificationDetecting the incident, determining its scope, and classifying the threat.
ContainmentStopping the spread. Short-term (disconnecting cable) and long-term (patching systems).
EradicationRemoving the root cause: Deleting malware, disabling breached accounts.
RecoveryRestoring systems to normal operation and monitoring for re-infection.
Lessons LearnedDocumenting what happened and improving processes for next time.