The Security Monitoring and Attack Detection Planning Guide is a practical support document for business and information technology professionals who are working to develop systems to monitor security on a network and to detect intruders. Its primary goals and objectives are to:
- Introduce the concepts of security monitoring and attack detection.
- List applications that can provide event log correlation.
- Describe best practice activities and processes for developing a security monitoring and attack detection system.
- Identify business, technical, and security issues for:
  - Detecting policy violations
  - Detecting external attacks
  - Implementing forensic analysis
- Design a security monitoring and attack detection solution that can identify when attacks on the network take place.
- Provide the ability to implement data retention for forensic analysis.