Risk-based use cases for OT security monitoring
October 5, 2018
By Maarten Hoeve
A catalogue of monitoring use cases for OT systems linked to threats.
This document proposes a risk-based approach to OT security monitoring. Use cases are presented to detect different stages of an attack:
- Vulnerability management use cases find and fix vulnerabilities before attackers can exploit them.
- Misuse detection use cases look for signs of exploits.
- Access monitoring use cases look for unauthorized access by attackers once they have gained valid access.
- Reviewing access logs use cases look for unauthorized steps taken by attackers once they have accessed a system.
Each of the use cases is linked to the threats it can detect. In this way, grid operators can select the most effective use cases based on a risk assessment. Use cases can be chosen to mitigate the highest risks and complement preventive measures.
- Last updated: March 22, 2019