In the ISMS Assistant, the Security Operations module bundles the operational security work: you monitor the threat landscape, track vulnerabilities and incidents, maintain authority contacts, and define escalation and reporting paths. You open the area via Security Operations in the ISMS Assistant and work through the tabs from the overview to the published policy. The result is a configured module that connects threat monitoring with vulnerability and incident management.
Open the module and get oriented
Open Security Operations
In the ISMS Assistant, open the Security Operations area. The page starts on the Dashboard tab and shows the current state: active incidents, open vulnerabilities, and the threat landscape. The tab bar takes you to the other areas.
Understand the three strands
The module runs on three interlocking strands: threats (feed, threat news, threat register), vulnerabilities (technical CVE matches against the CMDB), and incidents (concrete events with escalation and documentation). Each strand can be an input for the others: a new threat triggers a vulnerability check, an exploited vulnerability becomes an incident.
Monitor threats and vulnerabilities
Review the vulnerability feed
Switch to the Vulnerability Feed tab. The list consolidates CVE entries with CVSS severity, EPSS probability, and KEV flag, and is continuously matched against your CMDB. The My assets only filter narrows the view to the matches that affect your documented systems.
Turn a match into a vulnerability
For a relevant entry, choose Report. Cenedril creates a vulnerability from it, which triggers the patch or exception flow. You can hide entries that are not relevant and mark unclear cases for later assessment.
Maintain the threat register
On the Threat Register tab you record structured threats with a relevance rating and links to vulnerabilities and incidents. Use Add entry to open the form, where you enter the threat, its relevance, and optionally the related MITRE ATT&CK techniques. The Threat News tab supplies curated news from NCSC, BSI, and CERT-EU.
Contacts, escalation, and reporting paths
Fill in the authority register
Switch to the Authority Register tab. Here you maintain the contact paths to reporting bodies and emergency services: the responsible NIS-2 reporting body, the data protection authority, law enforcement, and sector-specific supervision. Per entry you record the organisation, contact person, availability, and accepted reporting formats. In a real case, your reporting ability depends directly on this data.
Set up escalation and the Vulnerability Disclosure Policy
On the Setup tab you define the framing parameters. In the Notifications & Escalation section you determine, by severity and time, who is notified and when, and from which threshold leadership is informed. The Information Security Incident Management section controls the parameters of incident handling. In the Vulnerability Disclosure Portal section you record the Vulnerability Disclosure Policy for external security researchers.
Create and publish the policy
Generate and review the policy
Open the Policy tab. Cenedril generates a draft from the organisational context, the selected Annex A controls, and the data maintained here. The escalation table and response times are carried over from the setup. Review the text and add to it where it stays too generic, for example for sector-specific reporting duties.
Complete and publish
After content approval, mark the policy complete per language via Complete and publish it. Use Save Draft to keep an interim state without publishing. An annual review is recommended, especially after NIS-2-relevant incidents or changed regulatory requirements.
Result: the Security Operations module is set up: the vulnerability feed matches against your CMDB, the threat and authority registers are maintained, escalation paths and the Vulnerability Disclosure Policy are in place, and the Security Operations policy is published.