Threat Intelligence Flashcards
Security Control Functional Types
Preventative - reduce likelihood of attack
Detective - identify attempted or successful intrusion
Corrective - eliminate event
How can I mitigate risk?
Confidentiality, Integrity, Availability
Security Intelligence
The process where data is generated and is then collected, processed,
analyzed, and disseminated to provide insights into the security status of
information systems
Cyber Threat Intelligence
Investigation, collection, analysis, and dissemination of information about
emerging threats and threat sources to provide data about the external
threat landscape
Intelligence Cycle
Requirement (planning) - goals on what we want to collect
Collection (processing) - software to gather data
Analysis - analyze and sort good or bad
Dissemination - Publishes information produced by analysts to consumers who need to
act on the insights developed strategies
Feedback - review input and output, lessons learned
Intelligence sources
Timeliness - up to date
Relevancy - intended use case
Accuracy - intel produces effective results
Confidence level - ensure statement is reliable
General sources of info
Proprietary - Threat intelligence is very widely provided as a commercial service
offering, where access to updates and research is subject to a
subscription fee
Closed source - Data derived from the provider’s own research and analysis
efforts, such as data from honeynets that they operate, plus
information mined from its customers’ systems, suitably
anonymized
Open source - Data that’s available without subscription, which may include
threat feeds, reputation lists, and malware signature databases
Threat feeds - a form of explicit knowledge, but implicit knowledge from
experienced practitioners is also useful
OSINT - A method of obtaining information about a person or
organization through public records, websites, and social
media
ISACs
A not-for-profit group set up to share sector-specific threat intelligence
and security best practices amongst its members
CISP - UK version