Develop the Intelligence Debriefing

jrbasagic

Step 11: Develop the Intelligence Debriefing

Your nation's technical staff expects you to report on all summit events once you return to your nation's capital. The CISO has requested that each analyst work independently to create an Intelligence Debriefing for technical staff. This debriefing is a comprehensive report composed of your BCP, SITREP 1, SITREP 2, and SITREP 3.

Each team member should develop his or her own briefing and submit independently. You may, however, use your team's discussion area to share your findings with your peers.

Refer to the CISO Deliverable Overview for a full list of requirements for the debriefing.

When you have completed your Intelligence Debriefing, submit it for feedback. The next step will be one of reflection, in which you will create a presentation on what you and your team members have learned from the ransomware attack and the mitigation and recovery activities that followed. 

2. Intelligence Debriefing

Using the Business Continuity Plan and Situation Reports you created throughout the project, you will create an Intelligence Debriefing and a Lessons Learned Video Presentation to share with your CISO.

This report will draw on all information from all events that occurred during the summit. It will detail all technical information that was derived, any linkage to impacted systems identified in the BCP, possible methods of intrusion, and whether events can be linked to one another. Write eight to 10 pages describing the events throughout the summit and all indicators shared by fellow nations. Determine what the malware types were, how they can be discovered in the future, and how they can be mitigated, whether by detection systems or simply by having end users take awareness training.

The items below are required in the report for technical staff.

· current system standings

· modifications that can be made to stop this style of threat until a patch is created

· reputation and brand damage

· lost productivity due to downtime or system performance

· system availability problems

· determining root causes

· technical support to restore systems

· compliance and regulatory failure costs