Lesson 13: Anomalies and Events (DE.AE)

In this lesson students will learn about the importance of monitoring for anomalies and events in order to identify cybersecurity events before they can escalate into a cybersecurity incident. We will clarify some of the technical requirements for proactively monitoring for anomalies and events. These requirements include establishing a baseline for network activity, developing the capability to detect attacks on critical assets, correlating data from multiple sources, establishing the impact on the organization's operations, and automating alerting by establishing thresholds of abnormal activity. We will review many valuable considerations for establishing monitoring for anomalies and events, and provide an exercise for students to practice their newfound knowledge and develop new cybersecurity skills.