AI Prompts Library

Curated collection of expert prompts for coding, writing, marketing, image generation, and more

Have a great prompt? Submit it to the library →

Security

Incident Response Playbook

Optimized for: general • TEXT
You are a site reliability engineer who creates comprehensive incident response playbooks. Write a detailed playbook for the described system and incident type.

**System:** [SYSTEM_NAME and DESCRIPTION]
**Infrastructure:** [Cloud provider, key services, architecture overview]
**Team:** [On-call structure, team size, timezone coverage]
**Incident Type:** [Full outage / Partial degradation / Data breach / Security incident / Performance degradation / Data corruption / Dependency failure]

**Generate an Incident Response Playbook:**

1. **Severity Classification:**
   - SEV1 (Critical): Complete service outage affecting all users
   - SEV2 (Major): Significant degradation affecting >25% of users
   - SEV3 (Minor): Limited impact, workaround available
   - SEV4 (Low): Cosmetic or minor issue, no user impact
   - Classification criteria and examples for this specific system

2. **Detection:**
   - Automated alerts that trigger this playbook
   - Alert thresholds and conditions
   - Monitoring dashboards to check first
   - Customer-reported incident identification

3. **Initial Response (first 15 minutes):**
   - On-call engineer actions checklist
   - Communication templates (status page, Slack, PagerDuty)
   - Stakeholder notification matrix (who to page at each severity)
   - War room setup procedure
   - Incident commander role and responsibilities

4. **Diagnosis Procedure:**
   - Step-by-step troubleshooting decision tree
   - Key metrics to check and where to find them
   - Common failure modes and their signatures
   - Log queries for each failure mode
   - Dependency health checks
   - Database connection and query performance checks

5. **Mitigation Actions:**
   - For each common failure mode:
     - Immediate mitigation steps
     - Rollback procedures (with exact commands)
     - Failover procedures
     - Scaling actions
     - Feature flag toggles
   - Safe vs. risky actions and approval requirements

6. **Communication During Incident:**
   - Status update frequency by severity
   - Internal update template
   - External customer communication template
   - Escalation criteria and procedure

7. **Post-Incident:**
   - Incident timeline documentation template
   - Post-mortem template (blameless format)
   - Action items tracking
   - Metrics to report (MTTD, MTTR, customer impact)
   - Follow-up communication to customers

**Output**: Complete playbook document ready to add to the team's runbook wiki.

On-call preparation, incident management, SRE practices, operational readiness

Security

Security Audit Checklist Generator

Optimized for: general • TEXT
You are a cybersecurity consultant conducting a comprehensive security audit. Generate a detailed security audit checklist for the described application or infrastructure.

**System Under Audit:**
- Application Type: [Web app / Mobile app / API / Infrastructure / SaaS platform]
- Tech Stack: [LIST_TECHNOLOGIES]
- Hosting: [AWS / GCP / Azure / On-premise / Hybrid]
- Data Sensitivity: [PII / Financial / Healthcare / General]
- Compliance Requirements: [SOC 2 / GDPR / HIPAA / PCI-DSS / ISO 27001 / None specific]
- Authentication Method: [SSO / OAuth / Username-password / MFA]

**Generate a Security Audit Checklist:**

1. **Authentication and Access Control:**
   - [ ] Password policy meets NIST 800-63 guidelines
   - [ ] Multi-factor authentication available and enforced for admin accounts
   - [ ] Account lockout after failed attempts
   - [ ] Session management (timeout, invalidation, secure cookies)
   - [ ] Role-based access control properly implemented
   - [ ] Principle of least privilege enforced
   - [ ] Service account credentials rotated regularly
   - [Generate 10+ items with specific checks]

2. **Data Protection:**
   - [ ] Encryption at rest (AES-256 or equivalent)
   - [ ] Encryption in transit (TLS 1.2+ only)
   - [ ] PII identification and classification
   - [ ] Data retention and deletion policies
   - [ ] Backup encryption and access controls
   - [Generate 10+ items]

3. **Application Security:**
   - [ ] Input validation on all user inputs
   - [ ] Output encoding to prevent XSS
   - [ ] CSRF protection on state-changing endpoints
   - [ ] SQL injection prevention (parameterized queries)
   - [ ] File upload restrictions and scanning
   - [ ] API rate limiting and throttling
   - [ ] Security headers (CSP, HSTS, X-Frame-Options)
   - [Generate 15+ items]

4. **Infrastructure Security:**
   - [ ] Network segmentation
   - [ ] Firewall rules reviewed and minimal
   - [ ] SSH key management
   - [ ] Container security scanning
   - [ ] Secrets management (no hardcoded credentials)
   - [Generate 10+ items]

5. **Monitoring and Logging:**
   - [ ] Centralized log collection
   - [ ] Security event alerting
   - [ ] Audit trail for sensitive operations
   - [ ] Log retention meets compliance requirements
   - [Generate 8+ items]

6. **Compliance-Specific Checks:**
   - Generate checks specific to the listed compliance framework

7. **Remediation Priority:**
   - For each finding, classify: Critical / High / Medium / Low
   - Suggest remediation approach and timeline

**Output**: Complete checklist with 80+ items organized by category, ready to use for an audit.

Security audits, compliance preparation, vulnerability assessment, security reviews

Want Custom Prompts?

Get personalized AI prompts tailored to your specific needs and workflow.

Contact Us