Detect – activities that identify the occurrence of a cybersecurity event in a timely manner. This function ensures that anomalies and events are detected, that capabilities exist to monitor cybersecurity events and verify the effectiveness of protective measures, and that awareness of anomalous events is provided.
Detect categories include:
‣ Anomalies and Events – anomalous activity is detected in a timely manner, the potential impact of aberrant activity is understood, and incident alert thresholds are established.
‣ Security Continuous Monitoring – the network, physical environments, and user and service provider activity should be monitored to identify cybersecurity events and verify the effectiveness of protective measures.
‣ Detection Processes – maintaining all processes and procedures related to the detection of anomalous activity and protections against cybersecurity events. This includes defining roles and responsibilities involved in detection, and also ensuring that these activities are fully tested and continually improved.