This week’s task is simple. Draw a line on the prioritized list of OT detection information sources you created last week. Everything above the line is a source you are committed to monitoring, analyzing, and acting on alerts from. Everything below the line is a future detection opportunity.
As in earlier tasks, be conservative in your estimate of how much you can do. It’s much better to meet your commitment on a small number of the most important OT detection information sources than to do a halfway, inconsistent, or bad job on a longer list of detection sources.
What are you doing today to use these OT detection information sources? If you have a new, fledgling detection program, then effectively using even the top two or three OT detection information sources would be a major step forward. If your OT detection program is mature, it might be time to get more aggressive in the OT detection information sources you use.
Consider the efficiency and effectiveness you determined last week as well. Is there a place on the list where the efficiency goes too low, where it will take a large investment to effectively monitor, analyze, and act on the OT detection information source? This may be a good place to draw the line. It may also be worth considering whether there are new OT detection information sources that would be more effective and efficient.
List the OT detection information sources above the line: the information sources you are committing to monitor, analyze, and act on alerts from.