8.16 Monitoring Activities
Control
Networks, systems and applications should be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents.
Purpose
Monitoring activities in information security refers to the ongoing process of observing and analyzing system and network activity in order to identify and respond to potential security threats and vulnerabilities.
Implementation Guidance
Monitoring activities can include the use of various tools and techniques, such as:
- Intrusion detection and prevention systems (IDPS): These systems monitor network traffic and use rules, signatures, and other techniques to detect and block malicious activity.
- Security Information and Event Management (SIEM) systems: These systems collect and analyze log data from multiple sources, such as servers, network devices, and applications, to detect and alert on potential security incidents.
- Vulnerability scanning and penetration testing: These activities involve using automated tools or manual techniques to identify and assess systems, networks, and applications vulnerabilities.
- Behavioral analysis: This approach monitors the behaviour of users, systems, and network traffic to detect any abnormal or malicious activity.
- Network and system monitoring: This involves monitoring the performance and availability of systems, networks, and applications to ensure that they are functioning correctly and to detect any issues that could affect security.
- Security cameras and physical access controls: This involves monitoring the physical access to the buildings and data centers, to detect any unauthorised access, and also to record the activities to be used in case of an incident. The goal of monitoring activities is to detect and respond to security incidents as quickly as possible in order to minimize the impact of the incident, and to improve overall security posture of the organisation. It is important to have a well-defined monitoring plan in place and to ensure that the monitoring tools and processes are effective, efficient, and compliant with regulatory requirements.
< Back to Controls
ISO 27001:2022
Technological Controls
AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!
Got a question or need help? Don't hesitate to reach out to our team.
27002:2022 Related Controls
CLick to view control
ask a question
If you would like to know more about ISO Standards, Certification and the value of a good management system you can add to your business we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk
iso standards
ISO 9001 – Quality Management System Standard
ISO 14001 – Environmental Management System Standard
ISO 27001 – Information Security Management System Standard
ISO 45001 – Health and Safety Management Standard
ISO 50001 – Energy Management System Standard
ISO 20121 – Event Sustainability Management System Standard
TISAX® – Information Security for the Automotive Industry
ISO 20001 - Information Technology Service Management Part 1
ISO 27701:2019 – Privacy Management System Standard
ISO 30071-1 Digital Accessibility Standard
ISO 37001 – Anti-Bribery Management System Standard
ISO 17024 - Conformity Assessment of the Certification of Persons
ISO 17025 – The Competence of Testing and Calibration Laboratories
IATF 16949 – Automotive Quality Management System Standard
ISO 44001- Collaborative Business Relationships
BS 8900 - Guidance for Managing Sustainable Development
ISO 22000 – Food Safety Management System Standard
BES 6001 - Responsible Sourcing of Construction Products
Cyber Essentials
FIAS Standards
MOD Standards
ISO 22301 – Business Continuity Management System Standard
ISO 37301:2021 – Legal Compliance Management System
ISO 13485 – Medical Devices (Coming Soon)
LEXCEL – Legal Management System
AS 9100 - Aerospace Quality Management System | Aqms
SOC2 Compliance
ISO 14067 - Carbon Calculator
ISO 14064:1 - Quantification And Reporting Of Greenhouse Gas Emissions And Removals
ISO 14046 – Water Footprint
PAS 2060 - Carbon Neutrality
ESOS – Energy Savings Opportunity Scheme
SECR - Streamlined Energy And Carbon Reporting
Energy Audits
Environmental Product Declarations (Coming Soon)
B Corp Certification
ISO 31000 - Risk Management
ISO 45003 - Occupational Health and Safety Management
ISO 42001:2023 - Artificial Intelligence
The Digital Operational Resilience Act (DORA)
FIA Environmental Accreditation
