Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
DE.AE-02.2: The organisation shall implement automated mechanisms where feasible to review and analyse detected events. |
|
DE.AE-02.2 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p156 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that the organisation uses automation, where practical, to support the efficient and consistent review and analysis of detected cybersecurity events. This helps reduce the risk of human error, speeds up threat detection and response, and allows limited security resources (especially in smaller organisations) to focus on higher-value tasks like investigating complex incidents or improving defences. To achieve this goal, the following should be considered: - Use Built-in Capabilities: Enable and configure logging and alerting features in existing platforms (e.g. Microsoft 365, Google Workspace, firewalls) to automatically detect suspicious activity. - Deploy Lightweight Detection Tools: Use affordable endpoint detection and response (EDR) solutions that offer automated alerts and basic analysis, such as detecting malware or unusual login behaviour. - Consider Managed Detection Services: For organisations with limited internal resources, a Managed Detection and Response (MDR) service can provide outsourced monitoring, threat detection, and incident response. - Automate High-Impact Areas: Focus automation on common threat indicators, such as multiple failed login attempts, unusual access to sensitive files, and unexpected outbound traffic. - Integrate Threat Intelligence: Use free or low-cost threat intelligence feeds to enhance detection tools with known indicators of compromise and attacker behaviours. - Maintain Manual Review Practices: Schedule regular manual reviews of logs and alerts to identify threats that automated tools may miss, especially those involving new or subtle attack techniques. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
DE.AE-02.2 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Automated event analysis |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall implement automated mechanisms where feasible to review and analyse detected events. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
17 |
|
Specifies the dataset the subject is part of. |
Results 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Results 1 - 1 of 1