Today, with threats more advanced than, and ahead of, protection technologies and methodologies, each organization has to build some kind of Cyber Security Intelligence capability to stop, or at least detect in near real time, advanced threats attacking the organization.
To build effective Cyber Security Intelligence, organizations must first have a working risk management process, and once Cyber Security Intelligence is established it must be integrated into the risk management process.
Risk management will help identify the Cyber Security Intelligence framework that can meet your organization's business requirements and protect valuable assets.
So what can a Cyber Security Intelligence framework consist of? The following lists the components of the framework; it is not a full list but can be used as a starting point:
1. Establish security monitoring, alerting and reporting infrastructure.
2. Establish a security analysis procedure.
3. Establish a non-published cyber security information procedure.
4. Follow up on the latest security tools.
5. Follow up on the latest security news, alerts and analysis.
6. Follow up on LinkedIn groups, either security groups or groups related to your business:
   - Information Security and Risk management experts
   - Aurora Cyberconflict Research Group
   - Information Security Community
   - Information Security Network
   - ISF - Information Security Forum
   - Reverse Engineering and Malware Research
   - Malware Analysis
7. Build a malware analysis lab.
8. Follow up on underground forums.
Of course, not the entire list is required; what you need depends on your business type and requirements.
You may also need basic knowledge of other languages such as Arabic, Chinese, Russian, Farsi and Hebrew.
I will keep the list updated and will later detail how to incorporate all of the above components, others, and risk management.