Over the years, many security controls deployed in ICS/OT networks have been copy/pasted IT security controls. It is vital to develop a tailored strategy for ICS cybersecurity. Start with the threats (intel driven) and scenarios (consequence driven) that you or others in your industry have faced. Start with 3-5 scenarios and develop what the response plan would need to look like to meet your organization's objectives. From the response plan, determine what your detection strategy should be; from your detection strategy, determine what information you need to collect and integrate with your asset identification capabilities. Use this poster by working backwards from response to detection to collection, as this will yield best results.