How to Develop and Maintain Security Monitoring Use Cases
Published: 16 January 2018
ID: G00338758
Analyst(s): Augusto Barros | Anton Chuvakin
Summary
Use cases are a core facet of security monitoring activities. A structured process to identify, prioritize, implement and maintain use cases allows technical professionals to align monitoring efforts to security strategy, choose best-fit solutions and maximize the value of security monitoring tools.
Table of Contents
- Problem Statement
- The Gartner Approach
- The Guidance Framework
- Prework
- Identify Use-Case Candidates
  - Threat-Oriented Use Cases
  - Control-Oriented Use Cases
  - Asset-Oriented Use Cases
  - Identifying Candidates
  - Popular Starter Use Cases
- Prioritize Use-Case Candidates
- Individual Use-Case Life Cycle
  - Sprint of Use-Case Implementation
  - Review Use-Case Results
  - Tuning a Use Case
  - Removing a Use Case
- Measure Process Performance
- Prework
- Risks and Pitfalls
- Related Guidance
- Gartner Recommended Reading