More rigorous monitoring is performed for higher priority assets
Context and Guidance: Monitoring requirements defined in SITUATION-2c are enhanced to include consideration of asset-level risks identified through risk management activities, so that more rigorous monitoring is done for higher risk assets (such as assets deemed important to delivery of the function, safety systems, and assets containing sensitive information assets). In the context of this practice, more rigorous describes an approach that is complete and comprehensive, includes coverage of all key controls, is regularly reviewed and adjusted based on environmental changes, and is persistent and continuous (rather that intermittent and discrete.). For example, the organisation may establish requirements to monitor access logs for assets containing sensitive data. Organisations that have very mature monitoring capabilities with no opportunity for further implementation of this practice as written should consider a response of fully implemented.
Related Practices • Input From: Implementing ASSET-1c provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: SITUATION-2a, SITUATION-2b, SITUATION-2c, SITUATION-2f, SITUATION-2g.