When to use this
Use this register to translate risks and threat scenarios into concrete monitoring rules, alerts, thresholds, and response actions.
Related controls
- A.8.16 Monitoring Activities
- A.8.15 Logging
- A.5.25 Assessment and Decision on Information Security Events
- A.5.26 Response to Information Security Incidents
- Risk Assessment
Detection use cases
| Use case ID | Risk scenario | Asset/service | Behaviour to detect | Data source | Rule/query | Threshold | Severity | Triage owner | Escalation path | Review date |
|---|---|---|---|---|---|---|---|---|---|---|
| MON-001 | TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD |
Minimum checks
- Use case traces to a risk scenario or critical service.
- Required data source is available and onboarded.
- Threshold is defined and justified.
- Triage owner is assigned.
- Escalation path is defined.
- Rule has been tested or reviewed.
- Template
- Iso27001
- Technological controls
- Monitoring
- Detection
Note Metadata
Aliases: Detection Use Case Register
Source: 90 Templates/Monitoring Detection Use Case Register.md
Related Notes
- Risk Assessment
- ISO 27001 A.5.25 - Assessment and Decision on Information Security Events
- ISO 27001 A.5.26 - Response to Information Security Incidents
- A.8.16 Audit Evidence Pack
- ISO 27001 A.8.15 - Logging
- ISO 27001 A.8.16 - Monitoring Activities
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.16 Audit Checklist
- Monitoring Alert Threshold Review
- Monitoring Coverage and Data Source Map
- Templates MOC