Cyber & IT Supervisory Forum - November 2023

Internal Use Only

Discussion Questions 1. Now that ransomware has been identified within the organization, what are some of the initial technical steps the organization (in particular, IT staff) should be taking to address the incident? 2. Let’s now think about how incident communications happen within the organization. Once the incident response plan has been activated, how and to whom might the details of the incident be communicated within the organization? Who within the organization might potentially be involved in this portion of the incident response process?

Instructions • Discuss each of the questions at your table • Be prepared to provide a summary to the group • Table Discussion: 20 minutes; Summary Report: 10 minutes

17

Internal Use Only

Break 2:30 – 2:45 pm

18