These controls focus on situational awareness to ensure the timely identification & response to potential information security or privacy incidents.

By decreasing response time, we increase our ability to limit or contain incidents with the least amount of negative consequences. Controls in this category focus on helping us understand the following:

  • How incidents are detected;
  • What constitutes or defines anomalous behavior; and
  • How the systems are being logged & monitored.