Organizations need to consider various business needs and requirements before developing a threat intelligence program. They need to generate a true risk strategy looking beyond traditional data gathering. Considering these factors enables organizations to focus mainly on the most likely threats that affect them and their business practices. Organizations must ensure that all the requirements and needs of the threat intelligence program are satisfied.
Business Unit Needs
The following business unit needs and requirements are to be considered before developing a threat intelligence program:
What are the needs and requirements of each business unit? Based on the technology and data used, each business unit in the organization will have various security needs that need to be considered in the threat intelligence program.
How threat intelligence helps in improving the risk management process? What are the requirements for incorporating threat intelligence into the risk management process to reduce or mitigate various internal and external risks?
What are the needs and requirements for feeding the threat intelligence into the security mechanisms and controls in order to support various internal audit functions?
Legal and Compliance
Check whether the legal issues, contractual obligations, and compliance obligations are met while developing the threat intelligence program? Organizations need to ensure that these obligations are met.
Related Product:- ISO 27001 Lead Auditor Training And Certification ISMS
Internal Stakeholder Needs
The following internal stakeholder needs and requirements are to be considered before developing a threat intelligence program:
What are the requirements of various business executives to provide protection to their business assets? Business executives need to understand the key threats to their organization.
What are the needs and requirements of high-level management to ensure the protection of all the confidential and critical information of the organization? Check whether the reputation of the organization is maintained by preventing incoming data breaches?
Identify how to protect all the personal information and data of end users? What are the security requirements when the end users are working from a remote location?
Chief Information Officer
What are the requirements of the chief information officer (CIO) of the organization who is directly responsible for providing security to the organization’s IT assets?
CISO/Security Analyst/Security Manager
The cyber security professionals such as CISO, security analysts, and security managers are responsible for ensuring that all the requirements gathered are met.
Also Read:- Priority Intelligence needs
Other Teams Needs
The following are the requirements of other teams that need to be considered be fore developing a threat intelligence program:
IT Architects and IT Decision-Makers
IT architects and IT decision-makers need up-to-date information related to the important threats on critical IT assets of the organization so that they can enhance the security capabilities based on the identified cyber threats.
Security Operation Centers
Security operation centers (SOC) professionals need threat intelligence in the form of machine-readable format that includes information related to latest indicators of compromise.
Incident Response Teams
Incident response (IR) teams require threat intelligence that include s tools used by adversaries, associated campaigns, intention and attribution of threat actors, identified loCs during forensics investigation, etc., both during and after security incidents.
Security Control Administrators
Security control administrators need threat intelligence in the form of adversary TTPs to adapt the configuration of security controls based on the identified threats.
Vulnerability Management Teams
Vulnerability management teams require threat intelligence in the form of written documents describing latest IT system vulnerabilities and their associated attack vectors.
Intelligence Consumer Needs and Requirements
An organization while de fining the threat intelligence requirements needs to consider the prerequisites of the consumers and systems using the intelligence. These prerequisites include the type of information required by the consumers to fulfill their work and the format that makes intelligence available to the consumers and various security systems.
Some of the requirements of intelligence consumer are as follows:
Strategic users include the high-level executives and management of the organization 9.Jch as CISOs and IT managers. They consume threat intelligence to understand the changing trends of cyber security. They need intelligence to understand the current business trends and make appropriate decisions regarding new technologies, security budget, and improvement of processes and staff. Good intelligence helps them in minimizing business risks and protecting the new technology and business initiatives.
Tactical users include cyber security professionals such as IT service managers, security operations managers, network operations center (NOC) staff, administrators, and architects. NOC staff need tactical information such as malware signatures and URL reputations to permit the firewalls, security gateways, 105/IPS systems, and other security elements to prevent the attacks without blocking the flow of genuine traffic or creating false positives.
Operational users include IR teams, network defenders, forensic analysts, and fraud detection department staff. These consumers require detailed context about alerts and events to find if that alert or event is a part of a complex attack or not. They also need detailed information on various attacks and adversaries that help them in expanding their investigation to detect other elements in the attacks and find the sources of attacks.
Questions related to this topic
- Why risk management is important in information security?
- What are security policies and why are the so important for organizations to implement?
- How do you manage security risk?
- What are the essential elements of an organizational security policy?
Cyber Security Related Things
- Top Cyber security Certifications of 2020 India
- Concept of Security, Cyber Space & Cyber Crime
- 10 Steps to Cyber Security
- Climbing the Cyber Security Certification Ladder
- Top 5 Key Elements of an Information Security
- Essential Terminology in Cyber security
- Top categories which includes in Information Warfare
- What is Defense in Depth? & How Defense in depth Works
- Information Security Incidents
- What is Information Security & types of Security policies
- Overview of Cyber security Frameworks
- 9 Tips for Top Data Backup Strategy
- What is Cyber Kill Chain? and it’s 7 Phases
- A Need for Tactics, Techniques & Procedures
- An Overview of knowledge Acquisition
- Business Needs and Requirements
- What is Pyramid of Pain ? & It’s types
- Top IT Management Certifications of 2020 to Impress Recruiters
- Best Cyber security career 2020 road map for IT Professionals
- 15 Benefits Of Security Certifications to Upgrade Career Path 2020
- 6 Things You Should know About Social Engineering
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com