Information Gathering -> Monitoring: Targeted alerting
Risk and Opportunity
Risk: People are bored (ignorant) of incident alarm messages, as they are not responsible to react.
Opportunity: By the definition of target groups for incidents people are only getting alarms for incidents they are in charge for.
Usefullness: Very High
Required knowledge: Low (one discipline)
Required time: Very High
Required resources (systems): Very High
OWASP SAMM 1 Mapping: OE1-B
OWASP SAMM 2 Mapping: o-operational-management|B|3
ISO27001:2017 Controls Mapping:
- not explicitly covered by ISO 27001 - too specific