Threat management
Collecting data and information is one important part; the second part is having processes and routines in place to ensure that threats are identified and handled accordingly. How you handle threat management in your company will differ depending on the size of the organization, but I can share some of my personal experiences of how we handled this in smaller companies from an IT perspective:
- Creating a cross-platform team with people from different areas of experience (network, infrastructure, endpoints, and identity), including the CISO/CIO depending on size.
- Having a weekly stand-up meeting where somebody is responsible for collecting and presenting new threats that can impact the company based on the data collected in the last week. This responsibility needs to be rotated between different people in the team.
- Also, if you do not have a SOC team, security incidents need to be handled by this team, and cases that require...