Monitoring activities are aligned with the threat profile (THREAT-2e)
Context and Guidance: Monitoring requirements should include (among other things) activities that collect information relevant to the function’s threat profile. To align monitoring with the threat profile, organisations should review the targeted assets, objectives, and attack methods that may be employed by threat actors and adjust monitoring activities accordingly. For example, if the threat profile includes a threat involving a nation state actor known to use spear phishing, email could be monitored for specific characteristics known to occur in those phishing emails.
Related Practices:
• Dependency: Implementing this practice depends upon prior implementation of THREAT-2e.
• Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: SITUATION-2a, SITUATION-2b, SITUATION-2c, SITUATION-2f, SITUATION-2g.