💼 67 Detection mechanisms typically include scanning, sensing and logging mechanisms which can be used to identify potential information security incidents. Monitoring processes could include the identification of unusual patterns of behaviour and logging that facilitates investigation and preserves forensic evidence. The strength and nature of monitoring controls would typically be commensurate with the impact of an information security incident. Monitoring processes would consider the broad set of events, ranging from the physical hardware layer to higher order business activities such as payments and changes to user access.

  • Contextual name: 💼 67 Detection mechanisms typically include scanning, sensing and logging mechanisms which can be used to identify potential information security incidents. Monitoring processes could include the identification of unusual patterns of behaviour and logging that facilitates investigation and preserves forensic evidence. The strength and nature of monitoring controls would typically be commensurate with the impact of an information security incident. Monitoring processes would consider the broad set of events, ranging from the physical hardware layer to higher order business activities such as payments and changes to user access.
  • ID: /frameworks/apra-cpg-234/26/67
  • Located in: 💼 26 Incident management - Detection of security compromises

Description

Empty...

Similar

  • Internal
    • ID: dec-c-7d43e154

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 67a network and user profiling that establishes a baseline of normal activity which, when combined with logging and alerting mechanisms, can enable detection of anomalous activity; 1821
💼 67b scanning for unauthorised hardware, software and changes to configurations; 78
💼 67c sensors that provide an alert when a measure breaches a defined threshold(s) (e.g. device, server and network activity); 1010
💼 67d logging and alerting of access to sensitive data or unsuccessful logon attempts to identify potential unauthorised access; 11
💼 67e users with privileged access accounts subject to a greater level of monitoring in light of the heightened risks involved. 11