One of the most common questions about following the NIST framework is when you should start carrying out your response plan procedures. Let’s say that you already have a response plan in place (which you should, as the response plan is one of the most important aspects of an online security system). Before your response plan can come into action, you must first detect a threat or potential security risk in your system or network.
Spotting unusual activity in your system is crucial for preventing a cyber attack, or at least for stopping it from causing too much damage. However, it takes an experienced eye to spot a change in the system that might be caused by an external or even an internal threat.