2. Agenda
► Changes to the Threat Landscape
► Risk Management
► Threat Management
► Intelligence Process
► Access
► Problems to watch for
► Integration with Information Security
Page 1 Intelligence-led Cybersecurity
3. Changes to the Threat Landscape
‘Hobbyists’ (unsophisticated attackers; targets are anyone with a vulnerability)
► Fun
► Challenge
Organised crime (increasing sophistication and organisation; criminally motivated)
► Criminal intent
► More coordinated attacks
► Financially motivated (e.g., theft of credit card numbers for use or sale)
Corporate espionage
► Economically motivated
► Theft of intellectual property
Advanced Persistent Threat (APT)
► Long-term pattern of targeted, sophisticated attacks aimed at governments, companies and political activists
► Politically and economically motivated
► Well-funded, sophisticated resources
4. Risk Management
► Media coverage indicates an increase in threats
► Impacts can be limited by collecting fewer assets
► Fewer opportunities for managing the risk
► Vulnerabilities are the focus of vulnerability management
► Maturing approaches in industry, not solved
► Threats are mostly unmanaged
► Opportunities:
► Prevent
► Disrupt
► Degrade
► Divert
5. Intelligence-driven Threat Management
► Threat characteristics
► ‘What they are’
► Intent
► Opportunity
► Capability
► Threat descriptions
► ‘What we can know’
► Targets
► Behaviours
► Targets and Behaviours leave Attack Indicators
6. The Security Intelligence Process
[Cycle diagram around the Customer: Direction, Access, Analysis, Dissemination and assessment, Action]
7. Access
[Diagram axis: Secrets to Open Sources]
Internal
► Protective Monitoring
► Incident Reports
► Change Requests
► Business Information
► Web Analytics
► Staff Forums
External
► Human Intelligence
► Private Forums
► Industry Liaison
► Gov/LEA Liaison
► Newspapers
► Blogs
► Public Forums
► Social Networks
8. Problems to watch for
► Lack of access to necessary sources
► Errors in interpreting reliability of sources
► Errors in interpreting meaning from sources
► Taking too long to analyse
► Policy over-influencing analysis
► Not getting the right product to the right customers
► Not able to communicate uncertainty to customers
► Not being able to act effectively on product
► Not tracking or planning for strategic changes