Module 4 Assignment: Containment and remediation automation

Module 4 Assignment: Containment and remediation automation#

Scenario#

You are advising an incident response team deciding which containment actions can be automated safely. The stakeholders are: incident commander, security engineer, legal/compliance reviewer, and affected service owner.

Task#

Answer the module question: What actions can be safely automated?

Use the module lab and course readings to produce: automated response playbook with approval gates, rollback plan, and post-incident learning loop focused on containment and remediation automation: Define containment actions and approval gates..

Required Evidence#

  • Define the decision or system boundary in one paragraph.

  • Identify the dataset, proxy data, or evidence source you used: synthetic incident records with severity, confidence, blast radius, containment option, and approval outcome.

  • Compare at least two alternatives, baselines, policies, or designs.

  • Report one quantitative result or structured scoring table.

  • Explain two failure modes and one mitigation for each.

  • State what additional evidence would be required before real deployment.

Submission#

Submit the completed notebook plus a 900-1200 word memo. The memo must include clear headings for context, method, evidence, risks, recommendation, and open questions.

# Assignment workspace for Module 4: Containment and remediation automation
module = 4
decision = "What actions can be safely automated?"
artifact = "automated response playbook with approval gates, rollback plan, and post-incident learning loop focused on containment and remediation automation: Define containment actions and approval gates."

alternatives = [
    {"option": "baseline_or_manual_process", "strength": "", "risk": "", "evidence": ""},
    {"option": "ai_assisted_or_advanced_option", "strength": "", "risk": "", "evidence": ""},
]

recommendation = {
    "decision": decision,
    "recommended_option": "",
    "minimum_evidence_before_pilot": [],
    "monitoring_metric": "",
    "rollback_trigger": "",
}

{"module": module, "artifact": artifact, "alternatives": alternatives, "recommendation": recommendation}

{'module': 4,
 'artifact': 'automated response playbook with approval gates, rollback plan, and post-incident learning loop focused on containment and remediation automation: Define containment actions and approval gates.',
 'alternatives': [{'option': 'baseline_or_manual_process',
   'strength': '',
   'risk': '',
   'evidence': ''},
  {'option': 'ai_assisted_or_advanced_option',
   'strength': '',
   'risk': '',
   'evidence': ''}],
 'recommendation': {'decision': 'What actions can be safely automated?',
  'recommended_option': '',
  'minimum_evidence_before_pilot': [],
  'monitoring_metric': '',
  'rollback_trigger': ''}}

Acceptance Criteria#

Your submission is complete only if another reviewer can reproduce your reasoning from the evidence you provide. You do not need production-grade data, but you must be explicit about proxy-data limits and what would change with real institutional data.