Incident and vulnerability detection under EASA Part-IS begins with the collection and analysis of information security events. This article explains how monitoring, internal reporting, external intelligence, and auditing work together to identify abnormal activity, detect incidents early, and uncover vulnerabilities that may impact aviation safety and operational integrity.