In terms of exception, anomaly, and threat detection, demonstrate how to use your knowledge of the process control system and established behavioral baselines to identify potential threats.
Regarding security monitoring, describe what systems to monitor, what information to collect, and how to best use it. Answer TWO of the the following anomaly, threat detection, and security monitoring questions and post to the Wiki your questions and answers so that we can share the learning experience:
Please review Figure 11.6 of the textbook and explain when and how the event correlation process is used?
What do you feel are the most important elements of a successful “Exception Reporting”?
Can you provide some examples of “Beneficial Whitelists”?
What do you feel are the most important elements of successfully monitoring security zones?
What methods are used or planned for “Behavioral Anomaly Detection”?
The rubric for this assignment is here.
Assignment Resources:
Textbook:
Industrial Network Security, 2nd Edition by: Joel Thomas Langill and Eric D. Knapp- Chapters 11 and 12