Event data is aggregated from multiple sources.
Accepted organisational risks are monitored through defined abuse cases.
Personnel security and awareness are monitored and periodically tested.
Specification
Tooling is available to monitor risks and compliance with regulations.
ISO 27001 & 27002:2022
A5.25, A5.27, A5.35, A5.36, A5.4, A6.3, A6.4, A6.6, A7.7, A8.1, A8.8, A8.15, A8.16, A8.19, A8.29, A8.34
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
SM.04 Logging
SM.05 Security testing surveillance and monitoring
HR.06 Security awareness
RM.02 Risk assessment