Relevant security information is obtained and used
Good security decisions require good information. The organization must have processes to gather relevant security data — threat intelligence, vulnerability feeds, audit logs, operational metrics — and actually use it to inform decisions. Collecting data that nobody reads is not a control. The requirement is that relevant information flows to the people who need it to identify and respond to risk.
Implementation steps
1. Identify the security information sources you depend on
Document what information inputs drive your security decisions: CVE feeds, cloud provider security bulletins, SIEM alerts, dependency vulnerability scans, access logs, and incident reports. Having a list forces the question of whether each source is actually being consumed.
Tools: Confluence, Notion
2. Configure automated alerts and dashboards
Set up automated pipelines so critical security information reaches the right person without manual effort. Configure SIEM or log aggregation to alert on suspicious events. Set up dependency scanning in CI/CD to flag vulnerable packages. Subscribe to vendor security bulletins.
Tools: Datadog, Splunk, PagerDuty, Snyk, Dependabot, AWS Security Hub
3. Establish a process to act on security information
Receiving information is not enough — there must be a defined process to triage, assign, and track action on it. Create a security backlog or queue in your issue tracker. Set SLAs for responding to critical alerts. Review the queue in recurring security meetings.
Tools: Jira, Linear, GitHub Issues
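Steps 2 and 3 together describe a pipeline: findings arrive automatically, each one gets an owner and an SLA, and the queue is reviewed for items that are slipping. The following is an added example, not code from the control page or from any of the tools named above. It takes a batch of dependency-scanner findings (constructed sample data, assumed field names), assigns a response deadline by severity (the SLA hours are illustrative assumptions, not a standard), and sorts the batch into the buckets a recurring security review would look at: items nobody has claimed, items past their deadline, items on track, and closed items that did or did not meet their SLA.

```python
"""Triage scanner findings against response SLAs.

Added example for the "obtain and act on security information" control.
Finding fields, SLA values and sample data are constructed assumptions,
not the output format of any particular scanner or tracker.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Response SLA per severity, in hours. Illustrative values; set your own.
SLA_HOURS = {"critical": 24, "high": 72, "medium": 24 * 14, "low": 24 * 90}


@dataclass
class Finding:
    """One scanner finding as it would be exported from a dependency scan."""
    finding_id: str
    package: str
    severity: str
    opened_at: datetime                 # when the scanner first reported it
    ticket: Optional[str] = None        # issue-tracker reference; None = nobody owns it
    closed_at: Optional[datetime] = None


def sla_deadline(finding: Finding) -> datetime:
    """Deadline by which the finding must be resolved under its severity SLA."""
    sev = finding.severity.lower()
    if sev not in SLA_HOURS:
        # An unknown severity must not silently fall into the longest SLA.
        raise ValueError(f"unknown severity {finding.severity!r} on {finding.finding_id}")
    return finding.opened_at + timedelta(hours=SLA_HOURS[sev])


def triage(findings: List[Finding], now: datetime) -> Dict[str, List[str]]:
    """Sort findings into review buckets, each ordered by deadline (most urgent first)."""
    report: Dict[str, List[str]] = {
        "untracked": [],      # received but not assigned: the gap this control targets
        "overdue": [],        # assigned, still open, past SLA
        "on_track": [],       # assigned, still open, within SLA
        "closed_in_sla": [],
        "closed_late": [],
    }
    for f in sorted(findings, key=sla_deadline):
        deadline = sla_deadline(f)
        if f.closed_at is not None:
            bucket = "closed_in_sla" if f.closed_at <= deadline else "closed_late"
        elif f.ticket is None:
            bucket = "untracked"
        elif now > deadline:
            bucket = "overdue"
        else:
            bucket = "on_track"
        report[bucket].append(f.finding_id)
    return report


# Constructed sample batch, evaluated at a fixed "now" so the result is reproducible.
UTC = timezone.utc
SAMPLE_NOW = datetime(2024, 3, 10, 12, 0, tzinfo=UTC)
SAMPLE_FINDINGS = [
    # critical, opened 03-08 09:00 -> deadline 03-09 09:00, still open: overdue
    Finding("F-1", "lodash", "critical", datetime(2024, 3, 8, 9, 0, tzinfo=UTC), ticket="SEC-101"),
    # high, opened 03-09 08:00 -> deadline 03-12 08:00: on track
    Finding("F-2", "requests", "high", datetime(2024, 3, 9, 8, 0, tzinfo=UTC), ticket="SEC-102"),
    # medium, no ticket at all: untracked regardless of deadline
    Finding("F-3", "pyyaml", "medium", datetime(2024, 3, 1, 0, 0, tzinfo=UTC)),
    # critical, closed 2 hours before its deadline
    Finding("F-4", "openssl", "critical", datetime(2024, 3, 5, 10, 0, tzinfo=UTC),
            ticket="SEC-099", closed_at=datetime(2024, 3, 6, 8, 0, tzinfo=UTC)),
    # high, opened 02-20 -> deadline 02-23, closed 02-27: closed late
    Finding("F-5", "jinja2", "high", datetime(2024, 2, 20, 0, 0, tzinfo=UTC),
            ticket="SEC-090", closed_at=datetime(2024, 2, 27, 0, 0, tzinfo=UTC)),
]


if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_FINDINGS, SAMPLE_NOW).items():
        print(f"{bucket:14s} {', '.join(ids) or '-'}")
```

The "untracked" bucket is the one auditors care most about for this control: it is direct evidence of information that was obtained but never acted on. Running the report on a scheduled basis and attaching it to the security review meeting notes gives you both the triage log and the meeting evidence listed below.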
Evidence required
Security monitoring configuration
Evidence that security information sources are configured and monitored.
- SIEM or log management tool with active alert rules
- Dependency scanning configured in CI/CD pipeline
- Cloud security hub or CSPM tool with findings dashboard
Evidence of information being acted upon
Records showing security information is reviewed and leads to action.
- Closed vulnerability tickets referencing CVE or scanner finding
- Security alert triage log
- Meeting notes from security review discussing monitoring findings
Related controls
- Anomalies and security events are detected and monitored (System Operations)
- Security information is communicated internally (Communication and Information)
- Security information is communicated to external parties (Communication and Information)
- Security controls are evaluated on an ongoing basis (Monitoring Activities)