THE CORE

ESTABLISH BASELINES

Understand what your environment looks like, what the normal is, and work towards getting a solid foundational control collection.

LOOK FOR ANOMALIES

Constantly detect things deviating from the norm, paying attention to subtle changes that may indicate malicious action or systemic issues.

HAVE A PLAN

Know what to do when something goes wrong, even when it’s an unknown, have a standard operating procedure that helps initiate action.

---

Original source of the core.