Classification in Security Operations
Tow – Wesley Belleman
Given some set of input data, security analysts initially must determine if activity is malicious or non-malicious. This first issue is therefore binary classification.

Classification Decision 1: Is this data useful for detection?
Classification Decision 2: Is this an incident?
Classification Decision 3: Sufficiency of Context Data
Classification Decision 4: True Incident
Classification Decision 5: Mitigation Effectiveness
Link: https://towardsdatascience.com/classification-in-security-operations-dc6f43adcae8