By decreasing response time, we increase our ability to limit or contain incidents with the least amount of negative consequences. Controls in this category focus on helping us understand the following:
The Anomalies and Events section of our Information Security Program addresses the detection of anomalous activity and the understanding of potential event impacts.
We establish baselines of network traffic and expected data flows to identify what activities would be considered anomalous behavior.
We analyze detected events to understand the target(s) of attack and the methods used.
We correlate event logs to improve detection and escalation by bringing together information from different sources to better understand what occurred.
We assess events to determine appropriate response and recovery activities based on the potential impact.
We establish thresholds to manage incident alerting and escalation.
The Security Continuous Monitoring section of our Information Security Program addresses the monitoring of information systems to identify information security events and verify the effectiveness of protective measures.
We monitor network traffic to detect potential information security events.
We monitor the physical environment to detect potential information security events.
We monitor individual user activities to detect potential information security events.
We deploy malicious code detection mechanisms to detect and remove malicious code.
We monitor our third-party service providers to ensure their compliance with our policies, standards, procedures, and contractual obligations during the procurement phase and annually thereafter.
We perform periodic checks for unauthorized personnel, network connections, devices, and software.
We perform internal and external vulnerability assessment scans on a recurring basis.
The Detection Processes section of our Information Security Program addresses the maintenance and testing of detection processes and procedures to ensure awareness of anomalous events.
We assign roles and responsibilities for the detection of and response to information security and privacy-related incidents.
We take appropriate response actions in accordance with our Incident Response Plan.
We test our detection processes to ensure that they are valid and that applicable personnel understand their assigned roles and responsibilities.
We communicate event detection information among appropriate stakeholders.
We implement processes to continuously improve our detection processes.