This series describes a comprehensive “business technical approach” to the justification, definition, design and execution of Threat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... Programs.
In Part 1 we will examine what drives CISOs and organizations to consider adoption of a threat intelligence practice. CISO’s are focused on Risk reduction to their organizations but may not have a fully defined set of requirements on who, how, where Threat Intelligence can assist in that high-level goal. They may require a solid business case to justify the investment and have a supporting set of well-defined business and technical requirements. Some key questions help formulate the executive’s plan.
- What are the costs of solving these requirements or not?
- How can my organization’s revenue be protected while investing in TI?
- What is the right balance of both tactical and strategic Threat Intelligence-driven responses?
- Where can existing investments be leveraged?
- In a compliance world, what do I need to be concerned about that TI can help with?
With a solid foundation in understanding the business and technical requirements of TI programs, the audience will be ready to step into Part 2 of building the program.
Thursday, June 8, 2017 | 11AM EDT
This series will describe a comprehensive “business technical approach” to the justification, definition, design, and execution of Threat Intelligence Programs.
What do we mean by ‘business technical approach’ to Threat Intelligence (TI)?
Much in the industry is focused solely on one technical aspect or another of threat intelligence data that indicates information about a specific Malware: A generic term for a software that is designed to disable or otherwise damage computers, networks and computer systems LookingGlass Cyber (n) - another type of cold that can destroy a computer by latching on to destroy other programs. family, a set of indicators that can be used to block malicious sites, campaign information that highlights a threat actors profile, and a threat actor’s tactics, techniques, and procedures. But much of the technically focused content does not discuss how organizations can gather or construct that information themselves, and even more so, how an organization would organize themselves to respond to such data. Much of the output of the industry is providing the fish to organizations rather than teaching them how to fish for themselves.
A ‘business technical approach’ is one where we define an approach focused on the business needs, the organization personnel, organizational roles & responsibilities, team structure and those elements’ interaction with technology to address the challenge of successful threat intelligence operations. Our goal is to help organizations build effective Threat Intelligence programs.
In this series, you will learn:
- Justification and Impact of Threat Intelligence on Business Functions
- Hiring, Skills, and Managing TI teams
- Key roles & functions within TI teams
- Defining the TI end-to-end process that works in every environment
- Identifying the tools necessary to support the TI program
- Ensuring Metrics & Reporting to drive TI program effectiveness and efficiency
We wrap the series with a real-world use case that highlights all of these aspects coming together to deliver a fully automated threat intelligence capability protecting an organization from botnets.