U.S. Department of Health and Human Services
Detecting potential security incidents may be difficult because many initially evade recognition when monitoring tools are the sole means of detection. Knowing how a system usually behaves and learning which symptoms can indicate a potential incident helps you recognize when you should investigate.
Correlating and analyzing events may help to identify potential incidents that would otherwise be overlooked and could become more serious problems. Early awareness of potential incidents can stop damage, disclosure, and other harmful effects before they happen.
Incident detection and analysis may require several individuals to review activity before anyone realizes that an incident has occurred.
Within HHS, users should report all suspected computer security incidents to their local OPDIV Computer Security Incident Response Team (CSIRT) or Help Desk.
For more information on incident reporting, please visit: ,
Operations and Maintenance Phase
Detecting and Analyzing Incidents