Employing LLMs for Incident Response Planning and Review

arXiv:2403.01271v1 Announce Type: new
Abstract: Incident Response Planning (IRP) is essential for effective cybersecurity management, requiring detailed documentation (or playbooks) to guide security personnel during incidents. Yet, creating comprehensive IRPs is often hindered by challenges such as complex systems, high turnover rates, and legacy technologies lacking documentation. This paper argues that, despite these obstacles, the development, review, and refinement of IRPs can be significantly enhanced through the utilization of Large Language Models (LLMs) like ChatGPT. By leveraging LLMs for tasks …

arxiv challenges cs.cr cybersecurity cybersecurity management documentation guide high incident incident response incident response planning incidents irp legacy legacy technologies llms management personnel planning playbooks response review security systems technologies turnover