The Scenario
A South African (SA) manufacturer with 180 staff has watched two competitors get hit by ransomware in the last year. The CIO has a small IT team (4 people) and is asking for a credible incident response playbook. The playbook must work without retainer-level external support while being clear about when to escalate.
The Brief
Produce a complete ransomware incident response playbook covering preparation, detection, containment, eradication, recovery, and post-incident review. The playbook must be executable by a 4-person team in a real incident.
Deliverables
- A preparation section: what controls, backups, and contact lists must be in place before an incident
- A detection and triage workflow showing the signals that trigger the playbook and the first 60 minutes of response
- A containment and eradication section covering: network isolation steps, endpoint quarantine, credential rotation, and the criteria for escalating to external responders
- A recovery section covering: restore decisions, ransom payment policy, communications to staff and customers, and the formal post-incident review checklist
Submission Guidance
Real ransomware response is messy. The playbook must address the questions teams actually face under pressure: do we shut everything down, do we pay, do we tell SAPS (the South African Police Service), do we tell the regulator under POPIA (the Protection of Personal Information Act). State a position even if you disagree with it later, so the team has something to follow.
Submit Your Work
Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.