Each of the Protective Monitoring Controls has an obligation to record specific information. The level of audit and accounting requirements will depend on the specific Recording Profile of the data.
Within GPG13 there are four Recording Profiles, which roughly map to the HMG Information Assurance Standard No.1 Segmentation Model.
The Segmentation Model has four hierarchical segments: Aware, Deter, Detect and Resist, and Defend.
The lowest segmentation level is Aware. At this level the organisation has an obligation to be Aware of public domain threats, common attack vectors and known vulnerabilities.
The second segmentation level is Deter. At this level the organisation has an obligation to Deter an attack from a skilled hacker. Appropriate controls should be in place to Deter such an attack.
The third segmentation level is Detect and Resist. At this level the organisation has an obligation to both Detect the attack and Resist the attack from a sophisticated attacker.
The highest segmentation level is Defend. At this level the organisation has an obligation to Defend against an attack from a sophisticated attacker.
The choice of which level of segmentation to apply to the organisation will depend on the impact level of the business data that is being protected.
Impact Level definitions can be found in HMG Information Assurance Standard No.1 Part 1 – Appendix A, but they essentially boil down to “What Impact would the loss of this data have for the UK or European government, UK citizens and UK corporations?”.
Higher impact level data requires a higher segmentation level to be applied. While there are no fixed rules, the following is generally considered to be best practice:
Impact Level 1 Data – Aware
Impact Level 2 Data – Deter
Impact Level 3 Data – Deter
Impact Level 4 Data – Detect and Resist
Impact Level 5 Data – Defend
Impact Level 6 Data – Defend
It should be noted that a significant accumulation of data at a specific Impact Level, such as a large collection of Impact Level 3 Data, would most likely push the segmentation requirements up a level, for example to the Detect and Resist segmentation.