DE.AE-05

Has your organization established and documented incident alert thresholds that trigger appropriate response actions?

Explanation

Incident alert thresholds define the specific conditions or metrics that, when reached or exceeded, trigger a security incident response. These thresholds should be established for various security monitoring systems (e.g., SIEM, IDS/IPS) and cover different types of events such as failed login attempts, unusual network traffic patterns, or data exfiltration attempts. Evidence of this control could include a documented incident response plan that clearly defines alert thresholds for different severity levels, configuration screenshots of security monitoring tools showing threshold settings, or runbooks that detail the specific metrics and conditions that trigger alerts and subsequent response actions.

Context

Function: DE: DETECT
Category: DE.AE: Adverse Event Analysis
Sub-Category: Incident alert thresholds are established

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub