IT & Security Prompts to Understand Your Business Better
Build chronological incident timeline from logs. Normalize timestamps, identify first malicious action, map lateral movement.
Correlate indicators against threat feeds. Map TTPs to MITRE ATT&CK, assess confidence in findings.
Define KPIs for SOC performance: alert volume, MTTD, MTTR, false positive rate, true positive count, trend.
Conduct root cause analysis on high-volume false positive alert types. Identify legitimate triggers and rule logic flaws.
Audit firewall rules to identify unused, overly permissive, or redundant rules for retirement or tightening.
Review remote access controls (VPN, bastion, RDP) to ensure security and usability for distributed teams.
Map security controls to compliance framework requirements. Document evidence and identify gaps.
Conduct risk assessment: identify threats, assess likelihood and impact, calculate risk scores, prioritize mitigations.
Establish compliance KPIs: control status, audit findings, risk status, incident metrics, training compliance, vendor compliance.
Establish metrics: vulnerability count by severity, aging, SLA compliance, MTTR, unpatched rate, patch coverage.
Use access analytics to detect anomalies: unusual access patterns, access during off-hours, data exfiltration risk.
Conduct forensic data collection from compromised systems: preserve evidence, maintain chain of custody.
Analyze incident to attribute attack to specific threat actor. Map TTPs to MITRE ATT&CK, correlate IOCs.
Assess incident severity and impact: scope, data sensitivity, confidentiality, integrity, availability, business impact.
Conduct post-incident review: timeline, root cause, detection gaps, response analysis, recommendations.
Build IT asset inventory with discovery tools. Capture: identifier, type, location, owner, purchase date, cost, status.
You are a security manager preparing for SOC 2 Type II certification.
Current state: [DESCRIBE: Company stage, data processed (what type of customer data), current security controls in place, any prior audits or certifications, target audit date, audit firm selected or being selected, any known control gaps]
Assess readiness across the 5 TSC criteria:
1) Security — access controls, encryption, intrusion detection, vulnerability management
2) Availability — uptime monitoring, incident response, disaster recovery, backup procedures
3) Processing integrity — data processing accuracy, validation, and completeness controls
4) Confidentiality — data classification, handling procedures, encryption at rest and in transit
5) Privacy — personal data handling, consent, retention, and deletion procedures
For each: current control state / gap / remediation required before audit.
Output: SOC 2 readiness assessment. Gap analysis by criteria. Remediation plan with timeline. Pre-audit checklist.
You are a privacy officer reviewing data privacy compliance.
Data processing details: [DESCRIBE: Data types processed (PII/sensitive/financial/health), customers' jurisdictions (GDPR/CCPA/LGPD/PIPEDA), current privacy policy, consent mechanisms, data retention policies, data subject request process, third-party data processors]
Review compliance:
1) Lawful basis for processing — for each data type, is there a documented lawful basis (consent/contract/legitimate interest)?
2) Privacy notice — is the privacy notice accurate, accessible, and written in plain language?
3) Data subject rights — can individuals exercise their rights (access/deletion/portability/objection) within regulatory timelines?
4) Data processors — are all third-party processors under a Data Processing Agreement (DPA)?
5) Data transfers — are cross-border data transfers covered by appropriate mechanisms (SCCs/adequacy decision)?
Output: Privacy compliance review. Jurisdiction-specific gaps. Rights fulfillment process. DPA status with third parties. Transfer mechanism compliance.