Cyber security personnel have access to sufficient data sources and tools to ensure that systems can be monitored for key indicators of compromise.
Topic
Access to sufficient data sources and tools
Applicable to
all
History
Priority
must
May 2020
Cyber security personnel have access to sufficient data sources and tools to ensure that systems can be monitored for key indicators of compromise.
Security control 0120 was simplified.
Apr 2020
Cyber security personnel have access to sufficient data sources and tools to ensure that any security alerts generated by systems are investigated and that systems and data sources are able to be searched for key indicators of compromise including but not limited to IP addresses, domains and file hashes.
2015
Agencies must develop, implement and maintain tools and procedures covering the detectionof potential cyber security incidents, incorporating:• counter–measures against malicious code• intrusion detection strategies• audit analysis• system integrity checking• vulnerability assessments.
2010
Agencies must develop, implement and maintain tools and procedures covering the detection of potentialcyber security incidents, incorporating:•••••counter-measures against malicious codeintrusion detection strategiesaudit analysissystem integrity checkingvulnerability assessments.
2008
Agencies must develop, implement and maintain tools and procedures, derived from a risk assessment, covering the detection of potential ICT security incidents, incorporating: a. counter-measures against malicious code b. intrusion detection strategies c. audit analysis d. system integrity checking e. vulnerability assessments.