The organization shall determine what security events it monitors and in what ways.
Security events should be monitored from a variety of sources to identify important potential incidents that require a response. Information can be obtained e.g. directly from the management system, external partners, or logs generated by the organization’s equipment.
Examples of security incidents that can be monitored include: