After reviewing the end-to-end process of all teams, it was determined that a solution would include an example of the following:
- Threat intelligence reports will be customized to complement the security awareness initiative and training for users
- Global IT help desks will have fields to fill out in their tickets that may indicate a security issue:
  - Required fields: location, time, date, potential attack vector
- Tickets that indicate a potential security issue will be monitored by the continuous monitoring team:
  - Continuous monitoring will validate the information against X criteria and either move it to the incident response team for action or mark it as a false positive