III.B Threat Monitoring (Information Security Booklet, III Security Operations)
Threat monitoring policies should provide for continual and ad
hoc monitoring of threat intelligence communications and systems,
effective incident detection and response, and the use of
monitoring reports in subsequent legal procedures. Management
should establish the responsibility and authority of security
personnel and system administrators for monitoring. Additionally,
management should review and approve the tools used and the
conditions for use.
Threat monitoring should address indicators of vulnerabilities,
attacks, compromised systems, and suspicious users, such as those
who do not comply with or seek to evade security policies.
Monitoring should address incoming and outgoing network traffic,
seeking to identify malicious activity and data exfiltration.
Additionally, a documented monitoring process should be established to
independently monitor administrators and other users with elevated
privileges, so that privileged activity is reviewed by someone other
than the privileged users themselves.