ANOMALIES & EVENTS
The Anomalies and Events section of our Information Security Program addresses the detection of anomalous activity and the understanding of potential event impacts.
Network Traffic Baselines
We establish baselines of network traffic and expected data flows to identify what activities would be considered anomalous behavior.
Event Log Reviews
We analyze detected events to understand the target(s) of attack and the methods used.
Event Correlation
We correlate events logs to improve detection and escalation by bringing together information from different sources to better understand what occurred.
Event Impact Assessment
We assess events to determine appropriate response and recovery activities based on the potential impact.
Incident Alerting Thresholds
We establish thresholds to manage incident alerting and escalation.
CONTINUOUS MONITORING
The Security Continuous Monitoring section of our Information Security Program addresses the monitoring of information systems to identify information security events and verify the effectiveness of protective measures.
Network Monitoring
We monitor network traffic to detect potential information security events.
Physical Monitoring
We monitor the physical environment to detect potential information security events.
Personnel Monitoring
We monitor individual user activities to detect potential information security events.
Malicious Code Detection Mechanisms
We deploy malicious code detection mechanisms to detect and remove malicious code.
Service Provider Monitoring
We monitor our third-party service providers to ensure their compliance with our policies, standards, procedures, and contractual obligations during the procurement phase and annually thereafter.
Periodic Checks
We perform periodic checks for unauthorized personnel, network connections, devices, and software.
Production Vulnerability Scanning
We perform internal and external vulnerability assessment scans on a recurring basis.
DETECTION PROCESSES
The Detection Processes section of our Information Security Program addresses the maintenance and testing of detection processes and procedures to ensure awareness of anomalous events.
Roles & Responsibilities for Event Detection & Response
We assign roles and responsibilities for the detection and response to information security and privacy-related incidents.
Detection Procedures
We take appropriate response actions in accordance with our Incident Response Plan.
Response Exercises
We test our detection processes to ensure that the process is valid and applicable personnel understand their assigned roles and responsibilities.
Information Security Event Coordination
We communicate event detection information among appropriate stakeholders.
Detection Process Improvement
We implement processes to continuously improve our detection processes.