Printed from CheckTick DSPT Compliance Documentation
NCSC Early Warning Monitoring Procedure
Purpose: To define how CheckTick responds to threat intelligence provided by the UK National Cyber Security Centre (NCSC).
1. Registration Details
- Registered Entity: CheckTick
- Primary Contact: CTO
- Assets Monitored: checktick.uk [and production IP addresses]
2. Alert Categories & Response Times
| Alert Type | Description | Target Response |
|---|---|---|
| Incident Notifications | Evidence of an active compromise (e.g., malware beaconing). | Immediate (< 4 hours) |
| Network Abuse | Evidence of CheckTick assets being used for malicious activity. | < 12 hours |
| Vulnerability Alerts | Detection of an unpatched or vulnerable public service. | < 24 hours |
3. Triage Process
- Verification: The CTO verifies the alert against Northflank logs and GitHub security dashboards.
- Remediation: If valid, the CTO applies the necessary patch or rotates compromised credentials immediately.
- Reporting: Any confirmed incident identified via NCSC Early Warning is reported to the SIRO ([DPO Name]) and logged in the Cyber Incident Log.