Establish, implement, and maintain an intrusion detection and prevention program.


CONTROL ID: 15211
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain logging and monitoring operations. (CC ID: 00637)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • In addition, AIs should implement effective controls for prompt detection of unusual downloading activities that may involve customer data. For instance, AIs could enable logging of data downloading to those media and perform periodic sample checks on whether customer data have been downloaded witho… (Annex E. ¶ 2, Hong Kong Monetary Authority Customer Data Protection, 14 October 2014)
  • As regards staff members who are allowed to transmit data to outside networks/systems through legitimate channels such as corporate e-mails, AIs should put in place effective system controls for prompt detection of unusual or potentially suspicious activities regarding access or transmission of cons… (Annex D. ¶ 2, Hong Kong Monetary Authority Customer Data Protection, 14 October 2014)
  • It is necessary to review measures to prevent, detect, and respond to cyber attacks and to establish a framework to combat cyber attacks in order to prevent system interruption and illegal fund transfers caused by cyber attacks. (C5.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Prevention of and response to an intrusion; (Article 45-3(3)(3), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques. (M1056 Pre-compromise, MITRE ATT&CK®, Enterprise Mitigations, Version 13.1)
  • Employ tools and techniques to monitor network events, detect attacks, and provide identification of unauthorized use. (§ 5.10.1.1 ¶ 1 4., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)