The second element of IT Governance’s Cyber Resilience Framework focuses on monitoring your organisation’s information and information systems for anomalies.
It should cover:
Your organisation’s systems, networks and security measures should be continually observed and logged, both through automated means and through less frequent activities such as vulnerability scanning and penetration testing. Any identified anomalies and weaknesses should be acted upon.
Your organisation should also actively seek to detect incidents (for example, by manually reviewing audit logs and gathering intelligence from outside the organisation). Measures should be put in place to help detect malicious activity that might otherwise be difficult to identify.
The extent to which you implement these measures will depend on your own environment and compliance requirements.