Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

11) Does your organisation have defined processes in place to ensure that all security alerts from logging and monitoring solutions are reviewed and actioned as necessary?

August 30, 2022
Network and Cloud Security
Network Monitoring

Answer yes if your organisation has processes in place to frequently review and act upon events and alerts from security logs and monitoring tools. Please describe your processes for different types of security logs and events in the notes section.

Your organisation may have a variety of logging and monitoring mechanisms which generate alerts when a set of rules is triggered which indicates a potential security concern.

These alerts only provide an effective way to identify and respond to potential security incidents if they are triaged and acted upon in an appropriate way. This may be a combination of automated filtering and human review. Alerts which are deemed to be a potential indication of a security incident should be investigated.

How to implement the control

Playbooks should be developed to define in detail the steps taken to triage, investigate, escalate and remediate security alerts as necessary. Different playbooks may be required for different types of alerts, depending on your specific technology.

Larger organisations choose to ingest all security alerts into a Security Incident and Event Management (SIEM) platform to help collate and correlate alerts from different systems and support investigation.

The UK National Cyber Security Centre (NCSC) has produced some useful guidance on implementing effective logging and monitoring.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.