All you need is to have reports generated from security tools in place for example antivirus, proxy, content filter, intrustion prevention systems, etc.. what about firewalls, if no log and reporting tool in place splunk (freeware) or OSSIM (opensource) can be used to generate required reports.
Addition to reports, you have to subscribe to one or more security alerts and news letters.
So how can we spend that hour daily ? simply the following can be done
- Based on Antivirus reports
- Review the top 5 infected computers
- Review the top 5 viruses infections
- Based IPS/IDS reports
- Review IPS/IDS report top 5 source of attacks
- Review IPS/IDS REPORT top 5 targets of attacks
- Based on Proxy or content filtering reports
- Review top 5 visited web sites
- Review web links visited during non working hours or during week ends
- Review suspicious web links.
- Based on Firewall ports
- Review top 5 blocked ports
- Review top 5 blocked internal IP addresses
- Review accessed external ports (UDP/TCP)
- Search pastebin.com for posted information about your entity
- Search zon-h.org for unknown web defacement happened to your web server
- Review security news letters and alerts