Network security management relies on the organization's overall understanding and mastery of the system environment. "Monitoring activities" in the new version of ISO27001:2022 is an important part of passive monitoring. You may find it strange to see here, isn't this the A.12.4 logging and monitoring of the old version of ISO27001:2013? In fact, the old version of A.12.4 logging and monitoring is called A.8.15 event logging (Logging) in the new version, the reason why "activity monitoring" is captured and discussed is mainly to detect abnormal behaviors and potential information security incidents, to achieve continuous protection by finding abnormal symptoms in network traffic and take appropriate countermeasures.
In the past, activity monitoring was not easy, and it took a lot of experience to accurately catch the problems hidden in a large number of network packets. Fortunately, in the era of continuous optimization of network equipment, intelligent equipment has been born, which helps to save the time of packet filtering, and can do a perfect job in activity monitoring.
ISO/IEC 27002:2022 recommends that specific implementations can be implemented using the previously mentioned threat intelligence collection and utilization loop mechanism, monitoring with machine learning or AI, using blacklists/whitelists, performing vulnerability scans/penetration testing, installation and does implement antivirus/detection software etc. The perfect activity monitoring operation can be roughly divided into several aspects as shown below:
Finally, it is important for network administrators to properly utilize network equipment for activity monitoring. However, as the types of network attacks continue to change with each passing day, network administrators should also maintain the concept of continuous learning of new knowledge and update the current new types of network hacking methods in order to maximize the use of the characteristics and performance of network equipment and help their affiliated enterprises. The unit maintains the security and integrity of the information territory.
-ASF Lead Auditor Johnny Su