Skip to main content

Part of Data Security Standard 6 - Responding to incidents

Monitoring (6.3.4)

Previous Chapter

Repeat data security incidents (6.3.5)

Current Chapter

Current chapter – Monitoring (6.3.4)

View all

Next Chapter

Fraud (6.3.4)

You should be able to detect cyber events that can have an impact on your systems and services.

It's unlikely that you will have one monitoring solution in place. Monitoring and responding should be considered a multifaceted approach between people, processes and technology.

If you find the organisation has the technical capabilities to detect and log cyber events but not the people capacity to respond to them, this does not reduce your attack surface and makes you more liable to repeat data security incidents.

The NCSC has security monitoring guidance in its NIS collection

The organisation has a proportionate monitoring solution to detect cyber events on systems and services.

 

Last edited: 27 September 2022 11:12 am

Previous Chapter

Repeat data security incidents (6.3.5)

Next Chapter

Fraud (6.3.4)

Chapters

  1. Data Security Standard 6 - Responding to incidents
  2. Incident reporting (6.1.1)
  3. The incident reporting system (6.1.1)
  4. Incident management system (6.1.1)
  5. An informed and empowered audience (6.1.1)
  6. Notifying local leaders, national bodies and individuals of a data breach (6.1.2, 6.1.3)
  7. End point anti-virus (6.2.1 - 6.2.9)
  8. Always on, always connected, always up to date (6.2.3 - 6.2.4)
  9. Blocking web malicious content (6.2.5)
  10. Email server software (6.2.6 - 6.2.9)
  11. Acting upon known vulnerabilities (6.3.1 - 6.3.5)
  12. NHS Cyber Alerts Service (6.3.2)
  13. Repeat data security incidents (6.3.5)
  14. Monitoring (6.3.4)
  15. Fraud (6.3.4)