30 Mart 2015 Pazartesi

Design of Threat Intelligence

Threat Intelligence Function Flow


Subtypes of Threat Intelligence


Strategic threat intelligence is consumed by high-level strategists. The paper notes, "It deals in such high-level concepts as risk and likelihoods, rather than technical aspects; and it is used by the board to guide strategic business decisions and to understand the impact of the decisions that are made."

Operational threat intelligence is "actionable information on specific incoming attacks."
Demystifying the human intelligence gathering angle and how organizations can do it (and evaluate the information) effectively and safely, the paper also fully explains information gathering for organizations from news sources, social media, chat rooms, business contacts, and official sources.

Tactical threat intelligence, the report defines, "is information that concerns the tactics used by threat groups - including their tools and methodologies - and is often referred to as Tactics, Techniques, and Procedures (TTPs)."

Technical threat intelligence comprises technical details of an attacker's assets, such as tools, command and control channels, and infrastructure.

Hiç yorum yok:

Yorum Gönder