Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >AESCSF
  3. >SITUATION
  4. >Perform Monitoring
  5. >AESCSF-SITUATION-2h
AESCSF-SITUATION-2hActive

Risk analysis information (RISK-3d) is used to identify indicators of anomalous activity

Statement

Risk analysis information (RISK-3d) is used to identify indicators of anomalous activity

Context and Guidance: Logging activities (SITUATION-1a, SITUATION-1b) and monitoring and analysis requirements (SITUATION-2c) are enhanced to incorporate relevant information from risk analysis activities (RISK-3d). Monitoring staff regularly review the risk analysis information and either modify existing indicators of anomalous activity or develop additional ones based on updates regarding threats, vulnerabilities, and identified risks.

Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: SITUATION-2d, SITUATION-2h, SITUATION-2i.

Location

Domain
SITUATION
Objective
Perform Monitoring

Practice Details

Identifier
AESCSF-SITUATION-2h
Type
Practice
Domain
SITUATION
Objective
Perform Monitoring

Maturity Level

MIL-1MIL-2MIL-3

Security Profile

SP-1SP-2SP-3
C2M2
C2M2-SITUATION-2Hequivalentvia derived-shared-practice-structure
View in graphReport an issue
← Back to Perform Monitoring
Perform Monitoring9 controls
AESCSF-SITUATION-2aPeriodic reviews of log data or other cybersecurity monitoring activities are performed, at least in an ad hoc mannerAESCSF-SITUATION-2bData and alerts from network and host monitoring infrastructure assets are periodically reviewed, at least in an ad h...AESCSF-SITUATION-2cMonitoring and analysis requirements are established and maintained for the function and address timely review of eve...AESCSF-SITUATION-2dIndicators of anomalous activity are established and maintained based on system logs, data flows, network baselines, ...AESCSF-SITUATION-2eAlarms and alerts are configured and maintained to support the identification of cybersecurity eventsAESCSF-SITUATION-2fMonitoring activities are aligned with the threat profile (THREAT-2e)AESCSF-SITUATION-2gMore rigorous monitoring is performed for higher priority assetsAESCSF-SITUATION-2hRisk analysis information (RISK-3d) is used to identify indicators of anomalous activityAESCSF-SITUATION-2iIndicators of anomalous activity are evaluated and updated periodically and according to defined triggers, such as sy...