First of all, I'm sorry for my english but I'm italian :P
I'm a bit confused about the mechanics of the active monitoring during an hacking attack:
1) have we to assume that EVERY system, device or ego (or its Muse) is always monitored (by AI, Ego or Muse), or the only always-on security system is the firewall?
2) In the second case, which action is it needed to mantain the active monitoring (and eventually make the opposed Infosec test)?
3) where can I find the Infosec skill of the AI generally used for active monitoring?