Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.

PUBLICATION

Operational Value of Indicators of Compromise White Paper

Revision Date

July 14, 2021

Related topics:

Cybersecurity Best Practices, Critical Infrastructure Security and Resilience

Most organizations prioritize processing internal information over processing and acting on external Indicators of Compromise (IOCs) feeds. There is a significant debate in the cybersecurity community as to what operational value some IOCs provide to organizations, since threat actors can and do change IOCs routinely to avoid detection. During the State, Local, Tribal, and Territorial IOC Automation Pilot, Johns Hopkins Applied Physics Laboratory discovered that the right question is not if IOCs are operationally valuable, but when.

Resource Materials

Resource Name	File Type	File Size	Language
Operational Value of IOCs White Paper	PDF, 312.54 KB	312.54 KB

Archived Content

Operational Value of Indicators of Compromise White Paper

Resource Materials

Tags

Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest

Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development

Internet Exposure Reduction Guidance

Primary Mitigations to Reduce Cyber Threats to Operational Technology

Archived Content

Operational Value of Indicators of Compromise White Paper

Resource Materials

Tags

Related Resources

Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest

Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development

Internet Exposure Reduction Guidance

Primary Mitigations to Reduce Cyber Threats to Operational Technology