No matter how secure something is, security incidents will always happen. And they must be reported!
In order to evaluate the security (and thus report on it) you'll need a kind of baseline that represents a secure state: not just the current state, but how it addresses specific compliance issues. It is also a good idea to include statistics such as normal traffic flow, which can help when identifying DoS attacks.
You should also do regular checks and audits on the system.
|Alarms|An indication of an ongoing problem. These are conditions to which you have to respond right now. Think of a siren going off when someone kicks in the door at home.|
|Alerts|Issues to which you need to pay attention but that are not about to bring the system down at any moment. Many antivirus products provide alert services when an attack is found.|
|Trends|Trends in threats. E.g., there are more email-based phishing attempts in the last month than in previous months. Seeing trends allows you to take action before a major issue occurs.|
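
An added example (not part of the original notes) showing how a baseline of normal traffic feeds the three report types above: a measurement far above the baseline raises an alarm, a smaller deviation raises an alert, and weekly alert counts are compared to spot a trend. The sample numbers, the z-score thresholds and the function names are assumptions made for illustration.

```python
import statistics

# Constructed sample: requests per minute observed during normal operation.
BASELINE_RPM = [118, 124, 131, 120, 127, 115, 122, 129, 125, 119]

# Assumed cut-offs: how many standard deviations above normal count as what.
ALERT_Z = 3.0
ALARM_Z = 6.0


def build_baseline(samples):
    """Summarise normal traffic as (mean, standard deviation)."""
    return statistics.mean(samples), statistics.stdev(samples)


def classify(rpm, baseline):
    """Return 'alarm', 'alert' or 'normal' for one traffic measurement."""
    mean, stdev = baseline
    stdev = max(stdev, 1.0)  # floor avoids division by zero on a flat baseline
    z = (rpm - mean) / stdev
    if z >= ALARM_Z:
        return "alarm"   # respond right now, e.g. a possible DoS flood
    if z >= ALERT_Z:
        return "alert"   # needs attention, not yet an emergency
    return "normal"


def trend(daily_alerts, window=7, factor=1.5):
    """Compare the latest window of daily alert counts with the one before."""
    if len(daily_alerts) < 2 * window:
        return "insufficient data"
    recent = sum(daily_alerts[-window:])
    previous = sum(daily_alerts[-2 * window:-window])
    if recent > previous * factor:
        return "rising"
    if recent * factor < previous:
        return "falling"
    return "stable"


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_RPM)
    for rpm in (126, 145, 900):  # constructed measurements
        print(rpm, classify(rpm, baseline))
    # Constructed daily alert counts for two consecutive weeks.
    print(trend([2, 3, 1, 2, 2, 3, 2, 4, 5, 6, 5, 7, 6, 8]))
```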
Intrusion detection systems and intrusion prevention systems might sound kinda similar but they have a major difference: The first one just detects intrusions while the other one helps prevent them. (Mind = Blown)
A good, though not so clear-cut, approach is a honeypot.
Honeypots are used to lure an attacker. Just imagine Winnie the Pooh getting stuck in a honey pot because he had to eat again. The same happens to our attacker that we lure into our honeypot.
The attacker goes after a purposely vulnerable machine we set up, and we can track them down.