While working incidents and also during daily operations of a network environment, it is often useful to track the trust you have in components. For that reason, we frequently use a spreadsheet to contain the various elements. It also serves as a basic record of what has happened on a system or component. I usually track my trust in a system to three levels: trusted (I believe it has security), semi-trusted (it is recovering from an event or is acting funny but investigation did not yield results (I usually leave it in this state with additional ongoing monitoring for ~90 days at least), untrusted (I believe it is suffering an insecure state, is “acting funny” and is under investigation, etc.).
I hope this spreadsheet helps folks looking for an easy way to do this. Complex tools like databases and such are out there too, but this might serve as a quick and dirty tool to get you what you need if you need to undertake this exercise (and I suggest you do…. ). Hope it helps you and your team. Thanks for reading and take care of each other out there.