PSIRT Weekly Review Checklist

Review Open Security Incidents

  • Updates: Examine the status of open security incidents. Discuss progress, challenges, and next steps.
  • Prioritization: Ensure incidents are categorized by severity (e.g., critical, high, medium, low).
  • Escalations: Identify any issues requiring escalation to higher management or additional resources.

Assess New Vulnerabilities

  • Incoming Reports: Review vulnerabilities reported through external or internal channels.
  • Validation: Verify the validity of new vulnerability reports (e.g., CVEs, Bug Bounty submissions).
  • Impact Analysis: Determine affected products, components, or versions.
  • Risk Scoring: Assign CVSS scores or equivalent risk assessments.

Monitor Patch and Mitigation Progress

  • Patch Development: Check on the progress of patches for vulnerabilities under development.
  • Testing: Review results from patch testing to ensure compatibility and effectiveness.
  • Deployment: Discuss deployment timelines and strategies for rolling out fixes.

Track Communication Efforts

  • Advisories: Review draft or published security advisories for clarity and accuracy.
  • Customer Communication: Ensure updates are ready to share with impacted customers or stakeholders.
  • Regulatory Compliance: Verify that all disclosure activities align with relevant laws or standards.

Examine Trends and Metrics

  • Incident Trends: Look for patterns in reported vulnerabilities or recurring security issues.
  • Performance Metrics: Track KPIs like Mean Time to Resolve (MTTR), detection rates, or patch adoption.
  • Lessons Learned: Analyze recurring themes or causes behind security incidents to prevent future issues.

Discuss Threat Landscape

  • Emerging Threats: Evaluate news, reports, or alerts about emerging threats that could impact your products.
  • Attack Scenarios: Brainstorm possible exploit scenarios and the organization’s preparedness.

Plan Next Steps

  • Action Items: Assign owners and deadlines for follow-ups.
  • Resource Needs: Identify any need for additional resources or support.
  • Cross-Team Coordination: Ensure alignment with developers, operations, or other stakeholders.

Conduct a Retrospective (Optional)

  • If applicable, briefly reflect on recent security incidents to improve processes or strategies.

Best Practices for PSIRT Weekly Review:

  • Agenda-Driven: Stick to a predefined agenda to ensure all critical topics are covered.
  • Collaborative: Encourage open communication and cross-functional participation.
  • Documentation: Keep thorough meeting notes and track action items for accountability.
