People-based detection - AWS Security Incident Response Guide

People-based detection

Up to this point, we have discussed technology-based detection. The other important source of detection comes from people inside or outside the customer’s organization. Insiders can be defined as employees or contractors, and outsiders are entities such as security researchers, law enforcement, the news, and social media.

Though technology-based detection can be systematically configured, people-based detection comes in a variety of forms such as emails, tickets, mail, news posts, telephone calls, and in-person interactions. Technology-based detection notifications can be expected to be delivered in near real-time, but there are no timeline expectations for people-based detection. It is imperative that the security culture incorporates, facilitates, and empowers people-based detection mechanisms for a defense-in-depth approach to security.