The second element of IT Governance’s Cyber Resilience Framework focuses on monitoring your organisation’s information and information systems for anomalies.
The extent to which you implement the below measures will depend on your environment and compliance requirements.
Your organisation’s systems, networks and security measures should be continually observed and logged, both through automated means and through less frequent activities such as vulnerability scanning and penetration testing. Any identified anomalies and weaknesses should be acted upon.
Your organisation should also actively seek to detect incidents (for example, by manually reviewing audit logs and gathering intelligence from outside the organisation). Measures should be put in place to help detect malicious activity that might otherwise be difficult to identify.