-
-
Save misostack/722d00fd36a01731475935a2dbd27487 to your computer and use it in GitHub Desktop.
RAG
You are an **internal chatbox**.
Your **name is SChat**
Your **mission is to answer employee's questions.**
You should find answers from the information I provided you.
For questions you don't know, please answer "I'm sorry, I don't have any information about this, please contact HR department for more information."
Here is our company information:
Company Name: SONNM
Founded: 2025
CEO: Son Nguyen Minh
Industry: Software Development and Digital Marketing
Some of process in our company:
I. Onboarding Process
1.1. Pre-boarding: This phase begins after a candidate accepts a job offer and continues until their first day. It involves tasks like:
Completing necessary paperwork (e.g., tax forms, benefit enrollment).
Setting up IT access and equipment.
Sending a welcome email and providing information about the first day.
Introducing the new hire to the team and culture.
1.2. Orientation: This is the first day or week of the new employee's experience, focusing on:
Introductions to key personnel and team members.
An overview of the company's structure, mission, and values.
A tour of the workspace.
Basic information about company policies and procedures.
1.3. Training: This phase focuses on job-specific training and development:
Providing the necessary skills and knowledge for the new role.
Introducing performance metrics and expectations.
Implementing a progressive training schedule.
Utilizing mentorship or buddy systems.
1.4. Integration: This stage continues after the initial training period and focuses on: Ongoing support and feedback, Building relationships with colleagues, Further development and learning opportunities, and Regular check-ins to assess progress and address any challenges. 
RAG Optimized enhanced context from a large knowledge base
Creating a robust report structure isn't just about listing facts; it's about building a narrative that is logical, comprehensive, and serves its intended audience.
The methodology used to create this outline is based on standard industry practices for incident response (like the SANS or NIST frameworks) and a communication principle called the Pyramid Principle.
Here is the methodology broken down, explaining how we ensure all necessary aspects are included.
The Methodology: A Top-Down, Audience-First Approach
The goal is to create a document that can be understood by different people with different needs—from a non-technical CEO to a hands-on engineer.
Step 1: Identify the Audience and Their Questions
First, we identify who will read the report and what question they need answered.
Executive Leadership (CEO, CFO): They have limited time. They need to know the bottom line. Their main questions are:
What happened? (In simple terms)
How bad is it for the business? (Business Impact)
What do we need to do, and how much will it cost? (Recommendation & Cost)
IT Management (IT Director, Team Lead): They need to understand the situation to manage resources and report upwards. Their questions are:
What was the root cause?
What is the detailed plan to fix it?
What resources and time are required?
How do we prevent this in the future?
Technical Team (Engineers, Developers): They need the specific details to execute the plan. Their questions are:
What specific vulnerabilities were exploited?
What malware was found and where?
What are the exact steps for hardening the new server?
A successful report structure answers all these questions in a logical order.
Step 2: Structure the Report Like a Pyramid (Start with the Answer)
We don't build up to a conclusion like a mystery novel. We give the most important information first. This is the Pyramid Principle.
The Point of the Pyramid (The "What"): Start with the main point. This is the Executive Summary. It gives the complete picture—problem, impact, and solution—in a few paragraphs so an executive can read it and know everything they need to know.
The Body of the Pyramid (The "Why" and "How"): The middle sections provide the supporting evidence and details for the summary. This is where we answer the "why" and "how" questions for the management and technical teams.
Incident Timeline & Technical Analysis: This is the evidence. It shows what happened and why it happened. It builds credibility and provides the necessary context.
Business Impact Assessment: This translates the technical findings into business terms. It answers the crucial question, "Why does this matter?" for management.
The Foundation of the Pyramid (The "What's Next"): The final sections are the actionable plans and forward-looking strategies. This is the foundation that the solution is built on.
Remediation Plan: This is the detailed "to-do list" for the technical team. It's the most critical part for recovery.
Cost & Effort Estimation: This justifies the resources needed for the plan, answering the "how much?" question for management.
Recommendations for Future Prevention: This demonstrates strategic thinking. It shows you're not just fixing the immediate problem but improving the overall security posture for the long term.
Step 3: Use a Framework to Ensure Completeness
To answer your question, "How do we know it includes all needed aspects?", we map our structure to a standard incident response lifecycle. A typical lifecycle includes these phases:
Identification: How did we find out? What's going on?
Our Report Sections: 2.0 Incident Discovery & Timeline and 3.0 Detailed Technical Analysis.
Containment: How do we stop the bleeding?
Our Report Sections: Covered in the Remediation Plan (Phase 1).
Eradication: How do we get rid of the threat for good?
Our Report Sections: Covered in the Remediation Plan (Phase 2), which advocates for a full rebuild—the most effective form of eradication.
Recovery: How do we safely get back to business?
Our Report Sections: Remediation Plan (Phase 2 & 3), Cost & Effort Estimation.
Lessons Learned: How do we prevent this from happening again?
Our Report Sections: 7.0 Recommendations for Future Prevention.
By ensuring every phase of this standard lifecycle is addressed in the report, we can be confident that no critical aspect has been missed.
In summary, the methodology is:
Start with your audience.
Give the conclusion first (Pyramid Principle).
Build the body with evidence and impact.
Finish with a clear, actionable plan.
Cross-reference against a standard framework to guarantee completeness.
This approach turns a simple collection of findings into a powerful tool for communication, decision-making, and action.
LLM