What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?
When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?