Another Question to Consider: How do you get your actionable cyber threat intelligence?
The Driver Behind This
Understanding the threats you face is the first step (identification) of a Risk Management program and ultimately how the organization manages risks. The organization’s ability to collect, process and analyze cyber threats goes a long way in protecting the organization and reducing its risk.
Actionable intelligence ensures that these threats are properly considered and analyzed, in the context of the organization’s defined risk appetite, to allow the Senior Management to make well informed decisions and direct a reasonable amount of resources appropriate to respond to those risks.
Processes, Practices, and Activities That Address This Question
Define a Threat Intelligence capability within the organization and train staff on the Threat Intelligence Lifecycle and how to leverage existing instrumentation to provide additional value.
Threat Intelligence Lifecycle
Once your staff have been sufficiently trained on the fundamentals of Threat Intelligence you can expand to include a Threat Hunting capability to the organization.
Establish the processes associated with the production, dissemination (reporting) and action (what you do with that Intel product and apply it to the various security controls).
You can also subscribe to your industry’s relevant Information Sharing and Analysis Center (ISAC), as well as several of the open source or commercial threat feeds.
Common Pitfalls
- “Not properly planning and knowing what questions need to be answered.”
- “Leveraging it to meet political agendas versus the organization’s needs.”
- “Trying to consume everything that’s out there all at once.”
- “Not accepting that everyone doesn’t have a need to know.”
Continued Reading