Incident Response Planning (IRP) is essential for effective cybersecurity management, requiring detailed documentation (or playbooks) to guide security personnel during incidents. Yet, creating comprehensive IRPs is often hindered by challenges such as complex systems, high turnover rates, and legacy technologies lacking documentation. This paper argues that, despite these obstacles, the development, review, and refinement of IRPs can be significantly enhanced through the utilization of Large Language Models (LLMs) like ChatGPT. By leveraging LLMs for tasks such as drafting initial plans, suggesting best practices, and identifying documentation gaps, organizations can overcome resource constraints and improve their readiness for cybersecurity incidents. We discuss the potential of LLMs to streamline IRP processes, while also considering the limitations and the need for human oversight in ensuring the accuracy and relevance of generated content. Our findings contribute to the cybersecurity field by demonstrating a novel approach to enhancing IRP with AI technologies, offering practical insights for organizations seeking to bolster their incident response capabilities.