Today where threats are more advanced and ahead of protection technologies and methodologies each organization has to build some kind of Cyber Security Intelligence capability to stop or at least detect (in near real time) advanced threats attacking the organization.
Building effective Cyber Security Intelligence, first organizations must have a working risk management process and once Cyber Security Intelligence is established then it must be integrated in the risk management process.
Risk management will help identifying the Cyber Security Intelligence framework that can meet your organization business requirements and protect valuable assets.
So what can a Cyber Security Intelligence framework consists of? The following lists the components of the framework; it is not a full list but can be used as starting point
1. Establish security monitoring, alerting and reporting infrastructure.
2. Establish a security analysis procedure.
3. Establish non published cyber security information procedure
4. Follow up latest security tools
5. Follow up latest security news, alerts and analysis
6. Follow up linkedin groups either security or groups related to your business
- Information Security and Risk management experts
- Aurora Cyberconflict Research Group
- Information Security Community
- Information Security Network
- ISF - Information Security Forum
- Reverse Engineering and Malware Research
- Malware Analysis
7. Build malware analyzing lab
8. Follow up underground forums
Of course not the entire list is required based on your business type and requirements.
Also you may need to have basic knowledge of other languages such as Arabic, Chinese, Russian, Farsi and Hebrew.
I will keep the list updated and later will detail how to incorporate all the above components, others and risk management.