Threat & Vulnerability Management: Monitoring & Response

Vulnerability Management - Manage and Track Events (template)

A template you can use or modify to track security events.

BEST PRACTICE: Use this page as a template 

This sample template is designed to provide guidance. Please review and edit, or replace, this content as appropriate to meet the needs of your business. Refer to Trustero’s GRC Knowledge Base article on the Security & Compliance Tools Matrix for guidance on which tools will suffice for each [service] called out.

Last updated: October 15, 2024

Overview

This “Management and Tracking for Security Events and Vulnerabilities” [Internal Wiki/Intranet] page serves as the landing page for the "Weekly Debrief: Vulnerabilities & Security Alerts," enabling the security team to conduct weekly check-ins. It ensures continual compliance and effective management of risks to mitigate any adverse events that may occur.

Purpose

To validate that all security alerts are being effectively captured, monitored, and managed through a systematic process using Jira or similar ticketing systems. This includes the management of weekly vulnerability scans, configuration monitoring, application monitoring, threat detection, and admin activity logging.

Weekly Vulnerability Scans and Monitoring

  1. Vulnerability Scanning: Covers both cloud-based and on-premises infrastructure.
  2. Configuration Management Monitoring
  3. Application Monitoring: Focuses on errors and crashes.
  4. Threat Detection
  5. Admin Activity Logging, Monitoring & Alerting

Reference Tools

Use the "Guide to Selecting Security and Compliance Tools" for selecting appropriate solutions per cloud environment to address specific security needs.

1. Open Tickets - Fix Based on Criticality Level

  • Embed a table from the ticketing system with a filter to show all open tickets requiring immediate attention. For example, embed a filter that includes open tickets from Jira into a Confluence page.
  • Fields: Key/ID, Summary/Title, Assignee/Owner, Status, Start Date/Date Opened, Due Date

2. Blocked Tickets - Fix Not Available 

  • Embed a table with a "fix_not_available" filter to display all vulnerabilities where no immediate fix is available.
  • Fields: Key/ID, Summary/Title, Assignee/Owner, Status, Start Date/Date Opened, Due Date

3. N/A Tickets - Identified Vulnerable Component Is Not in Use

  • Embed a table with a "not_applicable" filter to show vulnerabilities not applicable to the in-scope environment.
  • Fields: Key/ID, Summary/Title, Assignee/Owner, Status, Date Opened, Updated, Due Date

4. Unresolved Tickets (Patch/fix didn’t work)

  • Embed a table with a "fix_did_not_work" filter to display all tickets where the fix or patch did not resolve the issue.
  • Fields: Key/ID, Summary/Title, Assignee/Owner, Status, Date Opened, Updated, Due Date

NOTE: Assignees should troubleshoot and diagnose why the corrective action failed.

5. Resolved Tickets

  • Embed a table with a filter to display all tickets where the vulnerability has been successfully resolved.
  • Fields: Key/ID, Summary/Title, Assignee/Owner, Status, Date Opened, Due Date, Date Completed/Closed
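
The five views above, sketched as an added example (not part of Trustero's template): a Python function that places each ticket from an export into exactly one section and flags overdue items for the weekly debrief. It assumes the page's filter names are applied as ticket labels, that a Resolved/Closed/Done status overrides any label, and that the field names (key, status, labels, due) and the sample tickets are constructed.

```python
from datetime import date

# Filter names come from the page; using them as labels is an assumption.
# List order sets precedence when a ticket carries more than one label.
LABEL_SECTIONS = [
    ("fix_did_not_work", "4. Unresolved"),
    ("fix_not_available", "2. Blocked"),
    ("not_applicable", "3. N/A"),
]
OPEN, RESOLVED = "1. Open", "5. Resolved"
CLOSED_STATUSES = {"resolved", "closed", "done"}  # assumed workflow names

def section_for(ticket):
    """Return the single debrief section a ticket belongs in."""
    if ticket["status"].lower() in CLOSED_STATUSES:
        return RESOLVED  # a closed ticket leaves every other view
    for label, section in LABEL_SECTIONS:
        if label in ticket.get("labels", ()):
            return section
    return OPEN

def build_debrief(tickets, today):
    """Group ticket keys by section; list overdue keys that still need work."""
    sections = {name: [] for name in
                [OPEN, "2. Blocked", "3. N/A", "4. Unresolved", RESOLVED]}
    overdue = []
    for t in tickets:
        name = section_for(t)
        sections[name].append(t["key"])
        due = date.fromisoformat(t["due"]) if t.get("due") else None
        # N/A and resolved tickets have no remaining work, so never overdue.
        if name not in (RESOLVED, "3. N/A") and due and due < today:
            overdue.append(t["key"])
    return sections, overdue

# Constructed sample export (not real tickets).
SAMPLE = [
    {"key": "VULN-1", "status": "Open", "labels": [], "due": "2024-10-10"},
    {"key": "VULN-2", "status": "Open", "labels": ["fix_not_available"], "due": "2024-10-30"},
    {"key": "VULN-3", "status": "Open", "labels": ["not_applicable"], "due": "2024-10-01"},
    {"key": "VULN-4", "status": "In Progress",
     "labels": ["fix_not_available", "fix_did_not_work"], "due": "2024-10-12"},
    {"key": "VULN-5", "status": "Resolved", "labels": ["fix_did_not_work"], "due": "2024-10-05"},
    {"key": "VULN-6", "status": "Open", "labels": [], "due": None},
]

if __name__ == "__main__":
    for name, keys in build_debrief(SAMPLE, date(2024, 10, 15))[0].items():
        print(name, keys)
```

Because every ticket lands in one section only, a ticket that is relabelled or closed moves between views instead of appearing in two tables during the debrief.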
