Module 4 Overview

Module 4 Overview#

Theme#

Containment and remediation automation

Essential Question#

What actions can be safely automated?

Module Components#

Book prose: conceptual framing, domain scenario, methods, and failure modes
Assignment: evidence-backed production of a specific artifact
Slides: presentation sequence for seminar or lecture delivery
Narration: spoken version of the slide flow
Instructor notes: facilitation plan, discussion prompts, and grading cues
Rubric: criteria for evaluating the module artifact
Notebook: executable lab aligned with the module theme using synthetic incident records with severity, confidence, blast radius, containment option, and approval outcome

Module Artifact#

automated response playbook with approval gates, rollback plan, and post-incident learning loop focused on containment and remediation automation: Define containment actions and approval gates.

Professional Setting#

Students work as if advising an incident response team deciding which containment actions can be automated safely. Their work must be intelligible to incident commander, security engineer, legal/compliance reviewer, and affected service owner.