When to use this
Use this log to record DLP alerts, false positives, prioritization, tuning decisions, and escalation.
Related controls
- A.8.12 Data Leakage Prevention
- A.5.25 Assessment and Decision on Information Security Events
- A.5.26 Response to Information Security Incidents
Log
| Alert ID | Date | Rule | Data/channel | Classification | Decision | Action | Tuning needed? | Owner |
|---|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | True positive / false positive / authorized | Blocked/escalated/closed | Yes/No | TBD |
Minimum checks
- Alert reviewed.
- False positive decision justified.
- True positive escalated where needed.
- Rule tuning considered.
- Closure evidence retained.
- Template
- Iso27001
- Technological controls
- Dlp
- Monitoring
Note Metadata
Aliases: DLP Alert Log
Source: 90 Templates/DLP Alert Review and Tuning Log.md
Related Notes
- ISO 27001 A.5.25 - Assessment and Decision on Information Security Events
- ISO 27001 A.5.26 - Response to Information Security Incidents
- A.8.12 Audit Evidence Pack
- ISO 27001 A.8.12 - Data Leakage Prevention
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.12 Audit Checklist
- Templates MOC