.png)
Subjekts veic piemērotus un samērīgus tehniskos un organizatoriskos pasākumus, lai pārvaldītu kiberriskus subjekta izmantoto elektronisko sakaru tīklu un informācijas sistēmu drošībai un novērstu vai līdz minimumam samazinātu kiberincidentu ietekmi uz subjekta pakalpojumu saņēmējiem un uz citiem pakalpojumiem.
Organization should use tools that support both manual and automated searches, including criteria-based searches. The tool should be able to automatically collate data from different sources to more easily determine whether an incident is genuine, as well as its scope and nature.
These operations and processes can be implemented with SIEM (Security information and event management). SIEM solutions use analytics tools, technology and algorithms (e.g., newer SIEM solutions employ applied machine learning) to help detect unknown threats and abnormalities in the security-relevant data. Also SIEM solutions allow organizations to modify already existing (which usually come pre-configured) and add criteria-based alerts to match known threats. These things will help detect threats earlier.
Often, security tools provide a way to set alert policies when something potentially dangerous happens in an organization's environment. For example, Microsoft 365 has built-in alert policies to alert you to abuse of administrator privileges, malware, potential internal and external risks, and data security risks.
The organization must identify security-related events in data systems and the environments in which they operate. To respond to changes related to these events, alarm policies must be created.
Alarm policies need to be actively monitored and modified based on experience.
Examples of traffic filtering and monitoring systems are firewalls, routers, intrusion detection or prevention systems (IDS / IPS) and network devices / servers / applications with similar functionalities.
To ensure the functionality of filtering and monitoring:
Organization's data systems and network must be monitored to detect abnormal use. When anomalities are detected, the organization must take the necessary measures to assess the possibility of security incident.
The monitoring should utilize tools that enable real-time or regular monitoring, taking into account the organization's requirements. Monitoring practices should be able to manage large amounts of data, adapt to changing threat environment, and send alerts immediately when necessary.
Inclusion of the following sources in the monitoring system should be considered:
li>
Organization must also establish procedures for identifying and correcting "false positive" results, including tuning monitoring software for more accurate anomaly detection.
In Cyberday, all frameworks’ requirements are mapped into universal tasks, so you achieve multi-framework compliance effortlessly.
.png)
