(4) Intelligence Cycle and Threat Intelligence Community Flashcards
What is the threat intelligence life cycle?
The Threat Intelligence Life Cycle is:
- Requirements Gathering
- Threat Data Collection
- Threat Data Analysis
- Threat Intelligence Dissemination
- Gathering Feedback
Describe what needs to happen during the first step in the threat intelligence cycle: Requirements Gathering
- Assess what security breaches or compromises you have faced
- Assess what information could have prevented or limited the impact of the breach
- Assess what controls and security measures were not in place that would have mitigated the breach
Describe the data collection process that happens during the intelligence cycle
Once information requirements are completed, the next step is to collect data from threat intelligence sources to meet those requirements.
This phase may happen multiple times as requirements are added or changed based on the data and sources available.
Describe the data processing and analysis phase of the intelligence cycle
Once the data has been gathered, it needs to be processed and reformatted, as it is likely not in a format that your systems can properly ingest. Once it is properly ingested and formatted, it can be fed into automated systems and tools for analysis and compiled into a report for leadership.
What happens in the intelligence dissemination phase of the intelligence lifecycle?
In the intelligence dissemination phase, data is distributed to leadership and operational personnel who will use the data as part of their security role.
Describe the feedback process of the threat intelligence cycle
The final step in the process is to get feedback on what you have done.
Continuous improvement is very important in the process. Better requirements should grow out of this process.
What are the Information Sharing and Analysis Centers (ISACs)?
The ISACs are there to help infrastructure owners and operators pool threat information and to provide tools and help to members.
How do the Information Sharing and Analysis Centers (ISACs) work?
The ISACs use a trust model for operation, sharing threat information in depth for physical and cyber threats.