AI Prompts for Cybersecurity
Analyze threats, draft breach reports, and audit security posture without exposing sensitive infrastructure details.
"Draft a structured incident response report for a ransomware attack that encrypted 3 file servers in the finance department. The attack was detected at 2:14 AM via an EDR alert, and the affected systems were isolated by 2:45 AM. Include: executive summary, timeline of events, attack vector analysis (phishing email with malicious macro), systems affected, data at risk assessment, containment actions taken, eradication steps, recovery plan with estimated timeline, root cause analysis, and 5 specific recommendations to prevent recurrence. Format for both technical and executive audiences with a clear separation between the two sections."
"Create a threat intelligence brief analyzing a hypothetical APT group targeting healthcare organizations. The group uses spear-phishing with PDF attachments exploiting a known Adobe vulnerability, establishes persistence via scheduled tasks, moves laterally using stolen credentials from LSASS memory dumps, and exfiltrates data over DNS tunneling. Map their tactics to the MITRE ATT&CK framework, identify the specific technique IDs, assess the risk level for a mid-size hospital network, and recommend specific defensive measures for each stage of the kill chain. Include detection signatures or YARA rules where applicable."
"Create a vulnerability assessment report template for a quarterly security review of a web application. Include sections for: scope and methodology, tools used (Nessus, Burp Suite, OWASP ZAP), vulnerability inventory categorized by CVSS v3.1 severity (Critical, High, Medium, Low) with a separate Informational category for observations that carry no CVSS score, and for each finding: description, affected component, CVSS base score with vector string, proof of concept, business impact, and remediation recommendation with effort estimate. Include an executive summary dashboard concept showing risk trends over the last 4 quarters and a prioritized remediation roadmap."
"Draft a comprehensive Acceptable Use Policy (AUP) for a 200-person technology company. Cover: purpose and scope, acceptable use of company devices and networks, BYOD policy and requirements, password requirements aligned with current NIST SP 800-63B guidance (minimum length, screening against known-breached passwords, rotation on suspected compromise rather than on a fixed schedule, MFA), email and communication guidelines, social media usage, remote work security requirements (VPN, encrypted drives, screen lock), cloud storage and file sharing rules, incident reporting procedures, and consequences for violations. Write in clear, non-technical language that all employees can understand. Include an acknowledgment signature section."
"Design a 3-month phishing awareness training campaign for a 500-person organization. Include: 4 progressively difficult phishing simulation emails (describe the scenario, sender, subject line, and social engineering technique used for each), success metrics to track (click rate, report rate, credential submission rate), a training module outline for employees who fail each simulation, department-specific targeting strategies (finance gets invoice scams, HR gets resume scams, executives get CEO fraud), a communication plan for launching the program without causing panic, and a final report template showing improvement over the 3 months."
"Create a secure code review checklist based on the OWASP Top 10 (2017 edition) for a Node.js/Express web application. For each vulnerability category (Injection, including NoSQL and command injection; Broken Authentication; Sensitive Data Exposure; XXE; Broken Access Control; Security Misconfiguration; XSS; Insecure Deserialization; Using Components with Known Vulnerabilities; Insufficient Logging & Monitoring): describe what to look for in the code, provide a vulnerable code example in JavaScript/TypeScript, show the secure alternative, and list automated tools that can detect it (ESLint security plugins such as eslint-plugin-security, Snyk, npm audit). Include a severity rating and estimated fix effort for each."
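As an added illustration of the kind of vulnerable/secure pair the checklist above should produce for the Injection category (this is example code written for this page, not part of the prompt set or any project's code): NoSQL operator injection in a Node.js login handler. The in-memory "collection" and its matcher are constructed stand-ins for a MongoDB-style driver so the file runs with plain `node` and no Express or database installed; the user records and request bodies are constructed too.

```javascript
// Added example (not from the page): NoSQL operator injection in a Node.js/Express
// login handler, the vulnerable form beside the hardened one. The in-memory
// "collection" and matcher are constructed stand-ins for a MongoDB-style driver;
// express itself is not required so the file runs with plain `node`.

// Constructed user store. Real code stores bcrypt/argon2 hashes, never plaintext;
// plaintext is used only to keep the matcher trivial.
const USERS = [
  { username: 'alice', password: 'correct-horse', role: 'user' },
  { username: 'admin', password: 'Tr0ub4dor&3', role: 'admin' },
];

// Minimal subset of MongoDB query semantics: equality plus $ne, $gt and $regex.
function matchesCondition(value, cond) {
  if (cond !== null && typeof cond === 'object') {
    if ('$ne' in cond) return value !== cond.$ne;
    if ('$gt' in cond) return value > cond.$gt;
    if ('$regex' in cond) return new RegExp(cond.$regex).test(String(value));
  }
  return value === cond;
}

function findOne(collection, query) {
  return (
    collection.find((doc) =>
      Object.entries(query).every(([field, cond]) => matchesCondition(doc[field], cond)),
    ) || null
  );
}

// VULNERABLE: express.json() hands the handler whatever JSON the client sent, so a
// body of {"username":"admin","password":{"$ne":""}} turns the password check into
// "password is not empty", which every account satisfies.
function loginVulnerable(body) {
  return findOne(USERS, { username: body.username, password: body.password });
}

// HARDENED: credential fields must be primitive strings of bounded length, so an
// object carrying operator keys is rejected before it reaches the query. (Hash
// comparison and rate limiting are still required; this isolates the injection fix.)
function loginSecure(body) {
  const { username, password } = body || {};
  if (typeof username !== 'string' || typeof password !== 'string') return null;
  if (username.length > 64 || password.length > 128) return null;
  return findOne(USERS, { username, password });
}

// Constructed request bodies: an attacker's operator payload and a legitimate login.
const ATTACKER_BODY = { username: 'admin', password: { $ne: '' } };
const LEGIT_BODY = { username: 'admin', password: 'Tr0ub4dor&3' };

// $regex variant the reviewer should also test: against the vulnerable handler it
// recovers the stored password one character at a time (true = prefix matches).
function regexProbe(prefix) {
  const escaped = prefix.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  return loginVulnerable({ username: 'admin', password: { $regex: '^' + escaped } }) !== null;
}

console.log('vulnerable bypass:', loginVulnerable(ATTACKER_BODY)?.role); // admin
console.log('hardened bypass:', loginSecure(ATTACKER_BODY)); // null
console.log('regex probe "T":', regexProbe('T'), '"X":', regexProbe('X')); // true false
```

What the reviewer greps for is any `req.body`, `req.query` or `req.params` value flowing into a `find`, `findOne` or `updateOne` query object without a type check; `typeof x === 'string'` at the boundary (or a schema validator such as Joi or zod) closes the whole class, and the `$regex` probe shows why even a "no bypass, just an error" outcome is not the end of the review.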
"Design a zero trust architecture implementation plan for a mid-size company (500 employees, hybrid workforce) currently using a traditional perimeter-based security model. Cover: the core zero trust principles (never trust, always verify), identity and access management overhaul (SSO, MFA, conditional access policies), network micro-segmentation strategy, device trust assessment (MDM, health checks), application-level access controls, data classification and DLP integration, monitoring and analytics requirements (SIEM, UEBA), and a phased 12-month implementation roadmap with quick wins in the first 30 days. Include estimated budget ranges for each phase."
"Create a SOC 2 Type II compliance gap analysis template for a SaaS startup preparing for its first audit. Cover the 5 Trust Service Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) with specific control requirements for each. For each control: describe what the auditor will look for, common gaps found in startups, the evidence/artifacts needed to demonstrate compliance, and the estimated effort to remediate (quick fix, moderate, significant). Prioritize controls by audit risk (most likely to cause a qualified opinion) and include a 90-day remediation timeline."
"Draft a penetration testing scope and rules of engagement document for an external assessment of a company's web application and API infrastructure. Include: objectives and goals, in-scope systems (web app, REST API, mobile API endpoints), out-of-scope systems (production database, third-party integrations), testing methodology (OWASP Testing Guide, PTES), authorized testing techniques and explicitly prohibited actions, testing schedule and maintenance windows, communication protocols (emergency contact for critical findings), data handling requirements (no real PII extraction), deliverable format and timeline, and legal authorization language. Include a sign-off section for both parties."
"Prepare a 15-minute board-level cybersecurity briefing for non-technical directors. Cover: current threat landscape relevant to the company's industry (3 key threats in plain English), the company's security posture score with trend (improving/declining), top 3 risks with business impact quantified in dollars (not technical jargon), progress on last quarter's security initiatives, budget utilization and ROI of security investments, regulatory compliance status, and 2 specific asks for the board (budget approval, policy endorsement). Use analogies and business language throughout. Include suggested responses for likely board questions."
"Create a step-by-step guide for analyzing suspicious activity detected in security logs. The scenario: your SIEM flagged 47 failed login attempts from 12 different IP addresses against a single admin account over 2 hours, followed by a successful login from a new IP address. Walk through: initial triage questions to answer, which log sources to correlate (auth logs, VPN, firewall, endpoint), specific fields to examine, how to determine if this is a credential stuffing attack vs. brute force vs. legitimate user, indicators of compromise to look for post-authentication, immediate containment steps, and how to document findings for the incident ticket. Include sample log entries and the queries to run."
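As an added illustration of the triage logic the guide above should walk through (example code written for this page, not part of the prompt set or any SIEM's query language): detection run over constructed auth-log lines reproducing the scenario, 47 failures from 12 addresses against one admin account followed by a success from a new address. The one-line log format, the field names `result`, `user` and `src`, and the window and threshold defaults are assumptions chosen for illustration.

```javascript
// Added example (not from the page): triage logic for the scenario above, run over
// constructed auth-log lines. The one-line log format, field names and thresholds
// are assumptions for illustration, not any particular SIEM's schema.

// Constructed sample: a known-good admin login the day before, a user (bob) who
// mistypes twice and then logs in from the same address, then 47 failures against
// "admin" from 12 sources over ~2 hours, then a success from a 13th, unseen address.
function buildSampleLogs() {
  const lines = [
    '2024-04-30T09:12:00Z auth result=SUCCESS user=admin src=198.51.100.5',
    '2024-04-30T22:01:15Z auth result=FAIL user=bob src=192.0.2.7',
    '2024-04-30T22:01:40Z auth result=FAIL user=bob src=192.0.2.7',
    '2024-04-30T22:02:05Z auth result=SUCCESS user=bob src=192.0.2.7',
  ];
  const start = Date.UTC(2024, 4, 1, 0, 10, 0); // 2024-05-01T00:10:00Z
  for (let i = 0; i < 47; i++) {
    const ts = new Date(start + i * 150 * 1000).toISOString(); // one attempt every 2.5 min
    lines.push(`${ts} auth result=FAIL user=admin src=203.0.113.${(i % 12) + 1}`);
  }
  lines.push('2024-05-01T02:08:30Z auth result=SUCCESS user=admin src=203.0.113.99');
  return lines;
}

const LINE_RE = /^(\S+) auth result=(FAIL|SUCCESS) user=(\S+) src=(\S+)$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null; // malformed lines are skipped, not guessed at
  return { ts: Date.parse(m[1]), result: m[2], user: m[3], src: m[4] };
}

// Characterise the failures in a window: one account hammered (brute force, distributed
// if many sources) versus many accounts with one or two attempts each (credential
// stuffing or password spraying; those two cannot be separated without password data).
function characterize(fails) {
  const users = new Set(fails.map((e) => e.user)).size;
  const sources = new Set(fails.map((e) => e.src)).size;
  if (users === 1) {
    return sources > 1
      ? 'distributed brute force (one account, many sources)'
      : 'brute force (one account, one source)';
  }
  if (fails.length / users <= 2) return 'credential stuffing or password spraying (many accounts, few attempts each)';
  return 'mixed pattern; review per account';
}

// For every successful login, look back `windowMs` for failures against the same
// account. Below `failThreshold` it is treated as a user mistyping (bob above). At or
// above it, report whether the success came from an address with no earlier successful
// login for that account and whether that address took part in the burst.
function triage(lines, { windowMs = 2 * 60 * 60 * 1000, failThreshold = 10 } = {}) {
  const events = lines.map(parseLine).filter(Boolean).sort((a, b) => a.ts - b.ts);
  const findings = [];
  for (const user of new Set(events.map((e) => e.user))) {
    const mine = events.filter((e) => e.user === user);
    const successes = mine.filter((e) => e.result === 'SUCCESS');
    for (const s of successes) {
      const inWindow = (e) => e.result === 'FAIL' && e.ts >= s.ts - windowMs && e.ts < s.ts;
      const burst = mine.filter(inWindow);
      if (burst.length < failThreshold) continue;
      const knownGood = new Set(successes.filter((x) => x.ts < s.ts - windowMs).map((x) => x.src));
      const burstSources = new Set(burst.map((e) => e.src));
      findings.push({
        user,
        failures: burst.length,
        distinctSources: burstSources.size,
        successAt: new Date(s.ts).toISOString(),
        successFrom: s.src,
        newSource: !knownGood.has(s.src),
        sourceInBurst: burstSources.has(s.src),
        classification: characterize(events.filter(inWindow)), // all accounts in the window
      });
    }
  }
  return findings;
}

console.log(JSON.stringify(triage(buildSampleLogs()), null, 2));
```

Run with `node`, the output is a single finding for `admin`: 47 failures, 12 sources, success from `203.0.113.99`, which is both a new source and one that never appeared in the burst; that last fact is what sends the analyst to VPN, firewall and endpoint logs for the post-authentication indicators the guide asks for, while bob's two typos generate no finding at all.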
"Create a disaster recovery plan template for a company's critical IT infrastructure. Cover: business impact analysis (RTO and RPO for each critical system), disaster declaration criteria and authority, communication tree with contact details template, recovery procedures for 3 scenarios (data center outage, ransomware attack, cloud provider failure), backup verification and restoration procedures, failover architecture description, roles and responsibilities matrix (who does what in the first 1, 4, 12, 24, 48 hours), testing schedule (tabletop exercises quarterly, full DR test annually), and a post-incident review template. Include a 1-page quick-reference card for the first 60 minutes of an incident."
Ready to try these prompts?
Start a secure chat on Okara and experience private AI with 20+ open-source models.