Framework 2
The second element of IT Governance’s Cyber Resilience Framework focuses on monitoring your organization’s information and information systems for anomalies.
It should cover:
- Security monitoring
  Your organization’s systems, networks, and security measures should be continually observed and logged, both through automated means and through less frequent activities such as vulnerability scanning and penetration testing. Any identified anomalies and weaknesses should be acted upon.
- Active detection
  Your organization should also actively seek to detect incidents (for example, by manually reviewing audit logs and gathering intelligence from outside the organization). Measures should be put in place to help detect malicious activity that might otherwise be difficult to identify.
The extent to which you implement these measures will depend on your own environment and compliance requirements.