Business Needs and Requirements

Organizations need to consider various business needs and requirements before developing a threat intelligence program. They need to generate a true risk strategy looking beyond traditional data gathering. Considering these factors enables organizations to focus mainly on the most likely threats that affect them and their business practices. Organizations must ensure that all the requirements and needs of the threat intelligence program are satisfied.

Business Unit Needs

The following business unit needs and requirements are to be considered before developing a threat intelligence program:

Business Units
What are the needs and requirements of each business unit? Based on the technology and data used, each business unit in the organization will have various security needs that need to be considered in the threat intelligence program.

Risk Management
How threat intelligence helps in improving the risk management process? What are the requirements for incorporating threat intelligence into the risk management process to reduce or mitigate various internal and external risks?

Internal Audit
What are the needs and requirements for feeding the threat intelligence into the security mechanisms and controls in order to support various internal audit functions?

Legal and Compliance
Check whether the legal issues, contractual obligations, and compliance obligations are met while developing the threat intelligence program? Organizations need to ensure that these obligations are met.

Related Product:- ISO 27001 Lead Auditor Training And Certification ISMS

Internal Stakeholder Needs

The following internal stakeholder needs and requirements are to be considered before developing a threat intelligence program:

Business Executives
What are the requirements of various business executives to provide protection to their business assets? Business executives need to understand the key threats to their organization.

What are the needs and requirements of high-level management to ensure the protection of all the confidential and critical information of the organization? Check whether the reputation of the organization is maintained by preventing incoming data breaches?

End Users
Identify how to protect all the personal information and data of end users? What are the security requirements when the end users are working from a remote location?

Chief Information Officer
What are the requirements of the chief information officer (CIO) of the organization who is directly responsible for providing security to the organization’s IT assets?

CISO/Security Analyst/Security Manager
The cyber security professionals such as CISO, security analysts, and security managers are responsible for ensuring that all the requirements gathered are met.

Also Read:- Priority Intelligence needs

Other Teams Needs

The following are the requirements of other teams that need to be considered be fore developing a threat intelligence program:

IT Architects and IT Decision-Makers
IT architects and IT decision-makers need up-to-date information related to the important threats on critical IT assets of the organization so that they can enhance the security capabilities based on the identified cyber threats.

Security Operation Centers
Security operation centers (SOC) professionals need threat intelligence in the form of machine-readable format that includes information related to latest indicators of compromise.

Incident Response Teams
Incident response (IR) teams require threat intelligence that include s tools used by adversaries, associated campaigns, intention and attribution of threat actors, identified loCs during forensics investigation, etc., both during and after security incidents.

Security Control Administrators
Security control administrators need threat intelligence in the form of adversary TTPs to adapt the configuration of security controls based on the identified threats.

Vulnerability Management Teams
Vulnerability management teams require threat intelligence in the form of written documents describing latest IT system vulnerabilities and their associated attack vectors.

Intelligence Consumer Needs and Requirements

An organization while de fining the threat intelligence requirements needs to consider the prerequisites of the consumers and systems using the intelligence. These prerequisites include the type of information required by the consumers to fulfill their work and the format that makes intelligence available to the consumers and various security systems.

Some of the requirements of intelligence consumer are as follows:

Strategic Users
Strategic users include the high-level executives and management of the organization 9.Jch as CISOs and IT managers. They consume threat intelligence to understand the changing trends of cyber security. They need intelligence to understand the current business trends and make appropriate decisions regarding new technologies, security budget, and improvement of processes and staff. Good intelligence helps them in minimizing business risks and protecting the new technology and business initiatives.

Tactical Users
Tactical users include cyber security professionals such as IT service managers, security operations managers, network operations center (NOC) staff, administrators, and architects. NOC staff need tactical information such as malware signatures and URL reputations to permit the firewalls, security gateways, 105/IPS systems, and other security elements to prevent the attacks without blocking the flow of genuine traffic or creating false positives.

Operational Users
Operational users include IR teams, network defenders, forensic analysts, and fraud detection department staff. These consumers require detailed context about alerts and events to find if that alert or event is a part of a complex attack or not. They also need detailed information on various attacks and adversaries that help them in expanding their investigation to detect other elements in the attacks and find the sources of attacks.

Questions related to this topic

  1. Why risk management is important in information security?
  2. What are security policies and why are the so important for organizations to implement?
  3. How do you manage security risk?
  4. What are the essential elements of an organizational security policy?

Cyber Security Related Things

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com


Leave a Comment