Summary: The article considers the directions of information protection in the information system of the organization. The need for regular monitoring of the elements state and events of the information system is shown. The scheme for monitoring events and detecting incidents of information security is presented. The goals, objectives and levels of monitoring the security of the information system are described. A comparative analysis of system and network level monitoring is carried out.
Keywords: anomaly, events, audit, security incident, information protection, system level, network layer, attack detection.