Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 4 October, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Things To Know Before Developing Intelligence Requirements.

by The Gurus
March 11, 2019
in Featured, Opinions & Analysis
Things To Know Before Developing Intelligence Requirements.
Share on FacebookShare on Twitter

Written by Mike Mimoso, Editorial Director, Flashpoint

To state the obvious, proper intelligence requirements must be in place before data collection, analysis, and consumption of intel can happen. These requirements are critical because they enable an organisation to choose and prioritise its intelligence goals, determine what information it needs to collect and from what sources to achieve those goals, establish how it will process this information, and identify which dissemination methods are most appropriate for the finished intelligence it produces.

Intelligence requirements mandate some initial groundwork, however. The commercial sector, for example, has a much different starting point than its public-sector counterparts; a government agency may want to know all it can about an adversary targeting its network, while a financial services organisation may be primarily concerned about getting those bad guys off its network—whomever they may be—and keeping them off.

This approach will guide how intelligence requirements are formulated as organisations attempt to understand and protect their infrastructure, lessen the attack surface a threat actor may target, and reduce exposure to risk.

Assets and Exposure

Building intelligence requirements that work for your organisation requires a deep understanding of available assets and exposure through a comprehensive asset inventory and threat-profiling exercise, more so than a debate about how much software and people hours you will need to invest in order to address a threat. A much more fruitful discussion should be had about the specific information you need to collect to satisfy specific intel requirements.

For the commercial sector, this type of asset inventory and evaluation of internal assets and exposure in the context of adversaries’ tactics, techniques, and procedures must also include an understanding of threats to others in your industry, and tangentially against your supply chain, or others who store and execute upon the same types of data as your company. Being solely reactive puts organisations at an immediate disadvantage, not only with regard to incident response, but also with communicating potential risk to intelligence consumers and decision makers.

The More You Know…

Looking at this from a commercial business risk intelligence (BRI) perspective, intelligence requirements are derived from questions that need to be answered, and those questions should be formulated by those who will consume the subsequent intelligence, such as business leaders or analysts in a security operations centre.

It’s too broad a question to ask whether there are hackers a business needs to be concerned with, because properly answering that question would require extensive, time-consuming data collection and profiling of active threat actors and could easily be over-taxing for analysts already overburdened with alerts. A more focused approach would be to first identify which systems are core to the business. Next, determine whether there are publicly disclosed vulnerabilities and/or attacks targeting those systems, understand the consequences of a breach of the data on those systems, and find out whether attackers are targeting others in your industry.

This level of insight can help an organisation narrow its open web or Deep & Dark Web sources of information and focus only on core areas of concern, such as cybercrime, fraud-loss avoidance, emergent malware, disruptive attacks, or public exploits, for example. It also puts security analysts and decision makers in a position to be proactive about future threats and inform risk-based decisions.

Worthwhile Challenges

Once there is an understanding of assets and exposure based on such specific and tailored questions, work on equally narrow intelligence requirements may begin. In the above examples, an organisation may establish a requirement that certain threat-actor profiles be developed, or intelligence on only a handful of pertinent vulnerabilities and exploits be produced. If threat actors have used a zero-day attack against organisations running a previously undisclosed Adobe Flash vulnerability, and you’ve blocked Flash usage on employee devices, these incidents have little bearing on your operation.

This is the type of tactical, operational, or strategic intelligence organisations require to inform decisions and lessen risk. It all begins with intelligence requirements, and going a layer higher, the legwork required to support the development of viable intelligence requirements is challenging. It’s also worthwhile and supports the ultimate outcome for any security and risk team: preserve an organisation’s resiliency and operational continuity.

FacebookTweetLinkedIn
Share5Tweet
Previous Post

Security teams woefully understaffed.

Next Post

Misconfigured Box accounts lead to sensitive data leak.

Recent News

Cybersecurity has become the fastest growing start-up sector in UK

UK SME cyber threat concerns on the rise in last 12 months as a quarter admit to being breached

October 3, 2023

The State of Cybersecurity: Cyber skills gap leaves business vulnerable to attacks, new research reveals

October 3, 2023
threat hunting

Threat Hunting with MITRE ATT&CK

October 2, 2023
Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information