The organization shall list all relevant protected assets to determine ownership and to ensure that security measures cover all necessary items.
A large portion of the protected assets (including data sets, data systems, personnel / units, and partners) are treated through other tasks. In addition, the organization must list other important assets, which may be, depending on the nature of its operations, e.g. hardware (servers, network equipment, workstations, printers) or infrastructure (real estate, power generation, air conditioning).
Examples of traffic filtering and monitoring systems are firewalls, routers, intrusion detection or prevention systems (IDS / IPS) and network devices / servers / applications with similar functionalities.
To ensure the functionality of filtering and monitoring:
Owners have been assigned to various network devices, who are responsible for ensuring that the information processed on the networks and related services are protected from unauthorized access. Where appropriate, liability for network equipment must be separated from other related responsibilities.
An appropriate log is generated from the use of the network to enable the detection of actions relevant to cyber security.
The normal state of network traffic (traffic volumes, protocols, and connections) is known. In order to detect anomalies, there is a procedure for detecting events that are different from the normal state of network traffic (for example, anomalous connections or their attempts).