Massachusetts Information Security Incident Standards Statements (6.1…
6.3 Incident Identification, Investigation and Analysis
6.3.2. Per the Logging and Event Monitoring Standard, security alerts from security monitoring systems, including but not limited to intrusion detection and prevention, firewalls, email and file-integrity monitoring systems shall be collected and monitored.
6.3.2.1. The Security Operations Center (SOC) shall analyze log information from security monitoring systems to establish a baseline of events expected for the normal system and network operations. Commonwealth Executive Offices and Agencies must ensure that any exceptions from these baseline events shall be reported to the responsible Information Owner.
6.3.2.2. External feed sources, including resources from the Fusion Center, shall be leveraged to assist with the incident response process.
A security incident is defined as any event which has the potential to result in, or has already resulted in, the unauthorized acquisition, misappropriation, use or manipulation of information that compromises the confidentiality, integrity or availability of the Commonwealth’s information assets. Examples include, but are not limited to: