Information Gathering -> Logging: Correlation of security events
Risk and Opportunity
Risk: Security-related events whose indicators are spread across different systems, tools or metrics cannot be detected.
Opportunity: Events are correlated on one system. For example, failed login attempts are correlated and visualised together with successful login attempts.
Required knowledge: High (two disciplines)
Required time: High
Required resources (systems): High
Dependencies: Visualized logging, Alerting
OWASP SAMM 2 Mapping: o-incident-management|A|2
ISO27001:2017 Controls Mapping:
- not explicitly covered by ISO 27001 - too specific
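
The failed/successful login correlation named under Opportunity, as an added example that is not part of the original activity description. The system names `webapp` and `vpn`, the event tuple layout, the threshold of 3 failures and the 5-minute window are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events from two hypothetical systems, already normalised
# to (timestamp, system, user, client IP, outcome).
EVENTS = [
    ("2024-05-01T09:00:00", "vpn", "carol", "198.51.100.4", "fail"),
    ("2024-05-01T09:00:10", "vpn", "carol", "198.51.100.4", "fail"),
    ("2024-05-01T09:00:20", "vpn", "carol", "198.51.100.4", "fail"),
    ("2024-05-01T09:30:00", "vpn", "carol", "198.51.100.4", "ok"),
    ("2024-05-01T10:00:05", "webapp", "alice", "203.0.113.7", "fail"),
    ("2024-05-01T10:00:20", "webapp", "alice", "203.0.113.7", "fail"),
    ("2024-05-01T10:00:40", "webapp", "bob", "192.0.2.15", "fail"),
    ("2024-05-01T10:00:55", "webapp", "bob", "192.0.2.15", "ok"),
    ("2024-05-01T10:01:00", "vpn", "alice", "203.0.113.7", "fail"),
    ("2024-05-01T10:01:30", "vpn", "alice", "203.0.113.7", "fail"),
    ("2024-05-01T10:02:10", "vpn", "alice", "203.0.113.7", "ok"),
]

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert on a successful login preceded by >= threshold failed logins
    for the same user inside the window, regardless of the reporting system."""
    failures = defaultdict(deque)  # user -> recent (time, system, ip) failures
    alerts = []
    for ts, system, user, ip, outcome in sorted(events):
        t = datetime.fromisoformat(ts)
        recent = failures[user]
        while recent and t - recent[0][0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if outcome == "fail":
            recent.append((t, system, ip))
            continue
        if len(recent) >= threshold:
            alerts.append({
                "user": user, "time": ts, "success_on": system,
                "failures": len(recent),
                "failed_on": sorted({s for _, s, _ in recent}),
            })
        recent.clear()  # any success resets the failure streak
    return alerts

def per_system_alerts(events):
    """Run the same rule on each system's events alone, for comparison."""
    systems = sorted({e[1] for e in events})
    return {s: correlate([e for e in events if e[1] == s]) for s in systems}

if __name__ == "__main__":
    print("correlated:", correlate(EVENTS))
    print("per system:", per_system_alerts(EVENTS))
```

Run per system, the rule stays silent because neither log alone reaches the threshold; only the combined stream shows four failures followed by a success for the same account.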