For 2021 I am going to research the role and use of Digital Twin data models in cyber security monitoring. This will include integration with traditional SIEM and Cloud SIEM technologies. Later in the research project I will look at how protective monitoring strategies for cyber security operations in Smart Cities can be defined. This will be part of the development of a framework model based upon NIST CSF. For now I will list the authoritative sources on the subject:
NCSC NIS guidance
Monitoring to detect potential security problems and track the effectiveness of existing security measures.
Principle
The organisation monitors the security status of the networks and systems supporting the delivery of essential services in order to detect potential security problems and to track the ongoing effectiveness of protective security measures.
Description
An effective monitoring strategy is required so that actual or attempted security breaches are discovered and there are appropriate processes in place to respond. Good monitoring is more than simply the collection of logs. It is also the use of appropriate tools and skilled analysis to identify indicators of compromise in a timely manner so that corrective action can be taken.
The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and vulnerabilities, and visibility into the effectiveness of deployed security controls. It provides ongoing assurance that planned and implemented security controls are aligned with organizational risk tolerance as well as the information needed to respond to risk in a timely manner should observations indicate that the security controls are inadequate.