RS.AN-01

Does your organization have a documented process for investigating notifications from security detection systems?

Explanation

This question assesses whether your organization has established procedures to analyze and respond to security alerts generated by detection systems such as intrusion detection systems (IDS), security information and event management (SIEM) tools, or endpoint detection and response (EDR) solutions. Proper investigation of these notifications is crucial for identifying potential security incidents, determining their scope and impact, and initiating appropriate response actions. Evidence could include an incident response playbook that outlines the investigation process, documentation of alert triage procedures, or logs showing alert investigations with timestamps and outcomes. Screenshots of your security operations dashboard showing alert handling workflows would also serve as suitable evidence.

Context

Function: RS: RESPOND
Category: RS.AN: Incident Analysis
Sub-Category: Notifications from detection systems are investigated

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub