Collection Management Framework for ICS Security Operations and Incident Response
Dragos: ICS Cybersecurity via YouTube
Overview
Explore the essential role of a collection management framework (CMF) in enhancing industrial control system (ICS) security operations and incident response. Learn how to extend the value of asset inventories by understanding available data, storage duration, and data utilization. Discover the benefits of pre-made investigation playbooks combined with threat intelligence and collection knowledge for a scalable approach to monitoring industrial networks and efficiently responding to threats. Gain insights into requirements gathering, planning, and various use cases including detection span, external and local sources, incident response, and host forensics. Access additional resources, including a comprehensive whitepaper, to deepen your understanding of CMFs and their application in ICS cybersecurity.
Syllabus
Introduction
Presentation Overview
Status
Solutions
Ben Miller
Collection Management Framework
Requirements Gathering
Requirements Planning
Use Cases
Detection Span
External Source
Local Source
Incident Response
Host Forensics
Summary
Key Questions
Conclusion
Audience Questions
Taught by
Dragos: ICS Cybersecurity