IT Examiner School eBook May 2025
Internal Use Only
Intrusion Detection / Intrusion Prevention
IDS = detect & alert
IPS = detect, perform action, alert
Systems & processes for monitoring or oversight of intrusion prevention devices
There must be an effective process to monitor, prioritize & respond to notifications
Event Logging
Event logging provides audit trails and feedback to evaluate & gauge the effectiveness of controls
The success of logging depends on what is logged, log filter capabilities & key personnel understanding what the information means
Institutions should have systems for detecting irregular or suspicious activity
Security Incident & Event Monitoring (SIEM)
• Aggregation
• Correlation
• Log integrity
• Rulesets
• Alerting
• Forensics