In the first three chapters of Volume 2 we have been focused internally. In Chapter 13, we turn our focus outside your organization. Threat intelligence, like situational awareness, is the discipline of becoming conscious of the environment in which you are operating, with the intent of decreasing the potential impact of the harms that confront you or your community. You’ll need to combine data about the relevant threat actors and the vulnerabilities of your high-value assets with your judgment about which combinations pose the greatest risk to your organization.
Bill starts the discussion where we have traditionally associated protection from risk, with the law enforcement community. Every organization operates in the context of local, state and federal jurisdictions, some grounded in the physical world and many increasingly incorporating the digital realm. From there, Bill expands the scope to include the entire human network that all three authors have repeatedly highlighted.
Matt asks us to look inward again to establish the context in which threat intelligence is most effective. He guides us on an exploration of six keys to threat intelligence that teaches us how to use that context to make better decisions about which threats are most real to us and build a program around that knowledge.
Gary gives a thorough analysis of the sources for threat intelligence and leaves us with an understanding of how these sources are structured, characterized, and effectively utilized. He concludes with an extensive review of Open Source Threat Intelligence and how you should incorporate that into your threat intelligence program.
Some of the questions the authors used to frame their thoughts for this chapter include:
· What is threat intelligence, and what types of external threat intelligence sources should the CISO use to augment their cybersecurity suite?
· What are the business scenarios for incorporating threat intelligence services into an enterprise cybersecurity program?
· Which Open Source Threat Intelligence (OSINT) resources should a CISO consider for enhancing their threat vulnerability management program?
Copyright © 2016, 2018 CISO DRG JV – All Rights Reserved.