Incident Response and Risk Management Framework for Drexel University

2026 · 2026 Competition

School: School of Computer and Information Sciences
Category: Computer Security and Technology (Primary)

Project Overview

One Liner: This project develops a structured incident response and risk management framework tailored to Drexel University’s digital environment.

Abstract

This project simulates the role of Drexel University’s Information Security team by designing a structured incident response and risk management framework tailored to a higher education environment. The objective is to create a clear and organized system for identifying, classifying, containing, and resolving cybersecurity incidents that may affect university systems, student and staff accounts, and institutional data. The framework focuses on common threats in higher education, such as phishing attacks, malware infections, and compromised accounts.

Using a phased, sprint-based approach, the team incrementally develops interconnected deliverables that collectively form a cohesive response structure. The project begins with defining scope and establishing a detailed Statement of Work, clearly identifying in-scope systems, accounts, and assets while documenting out-of-scope components based on institutional assumptions and operational constraints. A Severity and Impact Matrix is then developed to standardize incident classification based on data sensitivity, system criticality, privilege level, and operational disruption. This matrix establishes a consistent foundation for prioritization and response decisions.

Building on this structure, the project introduces a Risk Response Decision Framework outlining escalation paths, communication workflows, and role-based responsibilities. Detailed incident response rulebooks for phishing, malware, and compromised accounts provide step-by-step procedures aligned with severity levels. Such standards help ensure incidents are handled in a consistent and organized manner. A Security Awareness and Training Plan further supports preventative controls by addressing recurring threat patterns identified during development.

The final deliverable is a comprehensive incident report based on a simulated cybersecurity event. This report demonstrates how the framework is applied from initial detection through containment, remediation, recovery, and post-incident review. Overall, the project highlights the importance of structured planning, clear procedures, and proportional response when managing cybersecurity incidents in a complex university setting.

Team Members

Kristi Kesslick (Lead)
Siddarth Kampalli
Diya Patel
Owen Gambo
Tashnuva Chowdhury

Advisors

Emanuel Lazar