This article provides additional information on how you can meet the requirement for the CAF control – C1.e Personnel Skills for Monitoring and Detection.
Skills and Knowledge for Monitoring Activities
- Staff responsible for monitoring and detection should have the skills and knowledge needed to:
  - analyse alerts
  - investigate incidents
  - support timely and effective response
- Defined roles and workflows should be documented in Adoptech to help monitoring personnel follow consistent processes aligned with governance and reporting requirements.
Understanding Systems and Environments
- Monitoring staff should understand the systems, client environments and essential functions they protect.
- This enables them to prioritise alerts effectively and assess potential impact.
- Team members should be encouraged to investigate beyond standard workflows when dealing with unusual or emerging threats.
External Support Where Required
- External incident response partners or SOC services should be used where additional expertise or coverage is required.
Continuous Improvement
- Monitoring personnel should routinely review:
  - workflows
  - log collection needs
  - case handling processes
- These reviews help identify improvements and maintain an effective security monitoring function.