What makes it more challenging is the subjectivity of what needs to be monitored, as well as the task of establishing normalcy.
For example, let's review the following diagram:
The concept here is relatively simple:
- IT security takes care of reviewing the firewall logs
- IT operations takes care of the web applications and monitoring the network