Detect

These controls focus on situational awareness to ensure the timely identification & response to potential information security or privacy incidents.

By decreasing response time, we increase our ability to limit or contain incidents with the least amount of negative consequences. Controls in this category focus on helping us understand the following:

  • How incidents are detected;
  • What constitutes or defines anomalous behavior; and
  • How the systems are being logged & monitored.

ANOMALIES & EVENTS

The Anomalies and Events section of our Information Security Program addresses the detection of anomalous activity and the understanding of potential event impacts.

Network Traffic Baselines

We establish baselines of network traffic and expected data flows to identify what activities would be considered anomalous behavior.

Event Log Reviews

We analyze detected events to understand the target(s) of attack and the methods used.

Event Correlation

We correlate events logs to improve detection and escalation by bringing together information from different sources to better understand what occurred.

Event Impact Assessment

We assess events to determine appropriate response and recovery activities based on the potential impact.

Incident Alerting Thresholds

We establish thresholds to manage incident alerting and escalation.

CONTINUOUS MONITORING

The Security Continuous Monitoring section of our Information Security Program addresses the monitoring of information systems to identify information security events and verify the effectiveness of protective measures.

Network Monitoring

We monitor network traffic to detect potential information security events.

Physical Monitoring

We monitor the physical environment to detect potential information security events.

Personnel Monitoring

We monitor individual user activities to detect potential information security events.

Malicious Code Detection Mechanisms

We deploy malicious code detection mechanisms to detect and remove malicious code.

Service Provider Monitoring

We monitor our third-party service providers to ensure their compliance with our policies, standards, procedures, and contractual obligations during the procurement phase and annually thereafter.

Periodic Checks

We perform periodic checks for unauthorized personnel, network connections, devices, and software.

Production Vulnerability Scanning

We perform internal and external vulnerability assessment scans on a recurring basis.

DETECTION PROCESSES

The Detection Processes section of our Information Security Program addresses the maintenance and testing of detection processes and procedures to ensure awareness of anomalous events.

Roles & Responsibilities for Event Detection & Response

We assign roles and responsibilities for the detection and response to information security and privacy-related incidents.

Detection Procedures

We take appropriate response actions in accordance with our Incident Response Plan.

Response Exercises

We test our detection processes to ensure that the process is valid and applicable personnel understand their assigned roles and responsibilities.

Information Security Event Coordination

We communicate event detection information among appropriate stakeholders.

Detection Process Improvement

We implement processes to continuously improve our detection processes.