Improving the efficiency of information protection systems by categorizing security events

Andrey Y. Iskhakov, Sergey Y. Iskhakov

V.A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Public Joint-Stock Company Promsvyazbank

The article considers the basic principles of security event categorization, formulates the requirements for it, and proposes a methodology for its application. Examples of event categorization options for various information protection tools are given. The possibilities of scaling the categorization scheme and the methods of adapting it for use in industrial automation and control systems are determined. The article also presents the results of an experiment in which the methodology was applied to improve the protection of automated systems, using a virtual cyber polygon (cyber range) as the example; the results confirm the effectiveness of the methodology and the possibility of applying it to the protection of industrial systems.

correlation, data categorization, normalization, taxonomy, security information and event management, attack scenarios, incident