Organizations must establish a centralized information security operations and management system at a certain IT maturity level. Such a centre provides a full vision of the current state of information security assets, enables the elimination of non-conformances in due time, and ensures the required information security level. The main functions of such a centre are:

• event monitoring, user activity audit, vulnerability management;
• incident management;
• monitoring compliance with legislative requirements and standards.