
Security & vulnerability response

5 cases Category 9 of 20

This band spans the vulnerability lifecycle, scan remediation, privacy and personal data handling, identity and network exposure, and security awareness drills. Deliverables should map to tickets and SLAs; agents can assemble CVE context, reachability, and priority recommendations, but final disposition stays with security and product owners. Fix evidence may also feed Compliance & audit packs.


In depth

Dependency vulnerabilities and CVE triage

Blend CVSS, exploitability, and code reachability; separate patchable items from mitigations (WAF, isolation) and accepted risk with rationale and re-review dates.

Privacy and PII compliance checks

Map collection purpose, consent, cross-border transfers, and subprocessors; output actionable gaps for product and legal rather than generic advice.

Least privilege and exposure review

Audit IAM roles, security groups, and public endpoints; find long-lived keys, overly broad bucket policies, and missing key rotation, with concrete remediation steps for each finding.
