Cyber-Security-Monitoring-Guide

More documents

Recommendations

Info

Cyber Security Monitoring and Logging GuideContentsPart 1 - Introduction and overview• About this Guide.......................................................................................................................................... 6• Audience...................................................................................................................................................... 6• Purpose and scope....................................................................................................................................... 7• A practical solution....................................................................................................................................... 7• Rationale...................................................................................................................................................... 8• Requirements survey.................................................................................................................................... 9• Standards and guidelines.............................................................................................................................. 9Part 2 – Setting the scene• Overview.................................................................................................................................................... 10• Defining a cyber security incident............................................................................................................... 10• Typical phases in a cyber security attack...................................................................................................... 11• Main cyber security monitoring and logging challenges.............................................................................. 13• Standards and guidelines............................................................................................................................ 14• The need for support from third party experts............................................................................................ 15Part 3 – Cyber security log management• Requirements............................................................................................................................................. 16• Logging challenges..................................................................................................................................... 17• Configuring cyber security event logs......................................................................................................... 18• Centralised log management...................................................................................................................... 19• Prioritising log use...................................................................................................................................... 20• Targeted log identification.......................................................................................................................... 22• Analysing logs and alerts............................................................................................................................ 23• Using log management tools...................................................................................................................... 24Part 4 – Cyber security monitoring process• The essentials of cyber security monitoring................................................................................................. 25• Monitoring purpose and scope................................................................................................................... 25• Cyber security monitoring challenges......................................................................................................... 26• Prerequisites for cyber security monitoring.................................................................................................. 26• Key phases in the monitoring process......................................................................................................... 28• Indicators of compromise........................................................................................................................... 29• Cyber security threat intelligence................................................................................................................ 31• Links to cyber security incident response..................................................................................................... 34• The need for collaboration......................................................................................................................... 364
Cyber Security Monitoring and Logging GuideContentsPart 5 – Security operations centres• Overview.................................................................................................................................................... 37• People, process, technology and information.............................................................................................. 38• People........................................................................................................................................................ 40• Process....................................................................................................................................................... 42• Technology................................................................................................................................................. 44• Information................................................................................................................................................ 45• SOC qualifications...................................................................................................................................... 45Part 6 – Choosing a suitable supplier• Cyber security monitoring and logging approaches.................................................................................... 46• The supplier selection process..................................................................................................................... 46• Understand the benefits of using third party experts................................................................................... 48• Determine what activities should be outsourced......................................................................................... 49• Types of service available............................................................................................................................ 50• Define supplier selection criteria................................................................................................................. 50• Appoint selected supplier(s)........................................................................................................................ 51• Make the appointment............................................................................................................................... 52Part 7 – Cyber security monitoring and logging capability in practice• Summary of key findings............................................................................................................................ 53• Implementing a cyber security monitoring and logging capability............................................................... 531. Develop a cyber security monitoring and logging plan......................................................................... 532. Carry out prerequisites for cyber security monitoring and logging........................................................ 543. Identify sources of potential indicators of compromise......................................................................... 554. Design your cyber security monitoring and logging capability.............................................................. 555. Build or buy suitable cyber security monitoring and logging services.................................................... 566. Integrate the capability into your cyber security framework.................................................................. 587. Maintain the cyber security monitoring and logging capability............................................................. 585
Page 1: Cyber SecurityMonitoring and Loggin
Page 6 and 7: Cyber Security Monitoring and Loggi
Page 54 and 55:
Cyber Security Monitoring and Loggi
Page 56 and 57:
Page 58 and 59:
Page 60:
The quadrants in this diagram outli
show all

Cyber-Security-Monitoring-Guide

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?