Information gathering

The initial teams identified to tackle these PIRs were the threat intelligence team, the security awareness team, the information security monitoring team, and the IT help desk team. We will need to add the IT security incident response team to complete the end-to-end process.

The threat intelligence team is responsible for providing the appropriate information to the applicable teams:

  • Item #1: Threat intelligence is not being provided to IT help desks, resulting in a lack of awareness of a possible incident

The security awareness team is responsible for the training and education of the users:

  • Item #2: At this point, threat intelligence is developed in relation to the regions for educating the users

The information security monitoring team is responsible for monitoring various baselines for anomalies: 

  • Item #3: There is no cognizance of what users are putting in as incident tickets

The IT help desk team is responsible for creating, working, and closing IT incident tickets:

  • Item #4: There is no correlation of threat intelligence and IT incident tickets
  • Item #5: There is no threat intelligence or IOC information being given to the team