13.11: Tune Security Event Alerting Thresholds¶
Tune security event alerting thresholds monthly, or more frequently.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Detect |
3 |
Dependencies¶
Safeguard 13.1: Centralize Security Event Alerting
Inputs¶
Date of last tuning of security event alert thresholds of
GV42Log correlation or log analytic tool
Operations¶
Compare Input 1 to current date and capture timeframe in days
Measures¶
M1 = Timeframe in days since last tuning of security event alert thresholds for log correlation or log analytic tool
Metrics¶
If M1 is greater than thirty days, then this safeguard is measured at a 0 and receives a failing score.