Success Factors in Threat Intelligence: Part 1 - Business Requirements - Seguridad Mania.com - España y América Latina

This series describes a comprehensive “business technical approach” to the justification, definition, design and execution of Threat Intelligence Programs. Much in the industry is focused solely on one technical aspect or another of threat intelligence data that indicates information about a specific malware family, a set of indicators that can be used to block malicious sites, campaign information that highlights a threat actors profile, their tactic, techniques and procedures. But much of the technically focused content do not discuss how organizations can gather or construct that information themselves, and even more so, how an organization would organize themselves to respond to such data. Much of the output of the industry is providing the fish to organizations rather than teaching the organizations how to fish themselves. A ‘business technical approach’ is one where we define an approach focused on the business needs, the organization personnel, organizational roles & responsibilities, team structure and those elements’ interaction with technology to address the challenge of successful threat intelligence operations. In Part 1 we will examine what drives CISOs and organizations to consider adoption of a threat intelligence practice. CISO’s are focused on Risk reduction to their organizations but may not have a fully defined set of requirements on who, how, where Threat Intelligence can assist in that high-level goal. They may require a solid business case to justify the investment and have a supporting set of well-defined business and technical requirements. Some key questions help formulate the executive’s plan. -What are the costs of solving these requirements? -How can my organization’s revenue be protected while investing in TI? -What is the right balance of both tactical and strategic Threat Intelligence-driven responses? -Where can existing investments be leveraged?