In order for an organization's CSIRT to prevent or minimize damage caused by cyber attacks, it is essential to collect and analyze information on a daily basis and take appropriate actions based on impact assessment. In this session, we will examine the issues of information collection, analysis, and evaluation in CSIRTs based on recent incident cases, and explore the direction of solutions.