1. Determine whether the vulnerability could apply to the system (e.g., check software list).
2. Determine if the vulnerability is present on the system.
3. Determine whether the vulnerability could be exploited on the system(s) in question (e.g., vulnerability scans).
4. Validate whether or not the vulnerability has been exploited on the system (e.g., check logs).
5. Report findings to senior management through the use of the “NOC Reporting Template” (feel free to make modifications as the situation warrants).

Cybersecurity management- Tactical