IT Examiner School eBook
Internal Use Only
Intrusion Detection / Intrusion Prevention
IDS = detect & alert
IPS = detect, perform action, alert
Systems & processes for monitoring or oversight of intrusion prevention devices
There must be an effective process to monitor, prioritize & respond to notifications
Event Logging
Event logging provides audit trails and feedback to evaluate & gauge the effectiveness of controls
The success of logging depends on what is logged, log filter capabilities & key personnel understanding what the information means
Institutions should have systems for detecting irregular or suspicious activity
Security Incident & Event Monitoring (SIEM)
• Aggregation
• Correlation
• Log integrity
• Rulesets
• Alerting
• Forensics