This module covers the essentials of incident response planning, including constructing a Cyber Emergency Call Sheet, executing the first three steps of the NIST incident response lifecycle (Preparation, Detection, and Containment), and understanding why disconnecting from a network is preferable to shutting down during an active attack. Coordination with cyber insurance and IT support is also covered. This module builds directly on the malware and ransomware anatomy covered in Course 1 — Introduction to Cyber Threats and Digital Hygiene Risk.

This module addresses the legal and reporting obligations that follow a data breach. Learners will identify US state-level data breach notification requirements (international learners should supplement with local regulatory guidance), formulate a report for the FBI's Internet Crime Complaint Center (IC3), and draft a customer notification letter that preserves trust and reputation. Practical scenario exercises are included throughout.

This capstone module applies everything from the series in a single end-to-end scenario: a real-world incident that begins with a cultural failure (an employee bypassing policy), escalates into a live ransomware attack (requiring first-response decisions), and concludes with the legal and communications aftermath (breach notification and IC3 reporting). Each exercise draws simultaneously on Modules 1, 2, and 3 of this course as well as the technical foundations from Courses 1 and 2. This module is designed to surface the connections between people, process, and technology — and to help learners identify where their own organization's response would be strongest and where the gaps are.

This cumulative assessment tests your knowledge across all four content modules: The Human Firewall, The Fire Drill, The Aftermath, and the Practical Application capstone. Completing it successfully earns your certificate for Course 3 and completes the full three-course cybersecurity series.