Module 5: Human approval and escalation

AINS6301 — Automated Response Systems

Essential Question

When must people remain in the loop?

Scenario

an incident response team deciding which containment actions can be automated safely

Stakeholders: incident commander, security engineer, legal/compliance reviewer, and affected service owner

Core Moves

• Define the decision boundary

• Compare baseline and alternative

• Interpret evidence and assumptions

• Identify failure modes

• Recommend next action

Lab & Assignment

Design escalation criteria and audit records.

Artifact: automated response playbook with approval gates, rollback plan, and post-incident learning loop focused on human approval and escalation: Design escalation criteria and audit records.