Cyber Intelligence-Driven Risk. Richard O. Moore, III
After-Action Report (AAR).
Pattern Analysis – can be used to inform management decisions on tactical or operational prioritization, or to identify emerging threats, trends, and new requirements.
Market Analysis – can be used to see whether there is a proliferation of tools, techniques, and processes (TTPs) for sale, and may be used by management to prioritize remediation activities or operational enhancements in defending their organization.
Demographics and Social Trend Analysis – can be used by management to highlight future pressures and for incident planning and response activities based on emerging social phenomena or sensitivities.
Malicious/Criminal Business Profiles – can be used by management for understanding key points of operational disruption, the need for new regulations or legislation, a change in resources to meet the threat, or to ensure the organization has training to meet new threats (e.g., phishing, malware, social engineering).
Network Analysis – can be used by management strategically as an indicator of the seriousness of an activity. Can also be used tactically and operationally to understand operational losses, highlight gaps, and provide potential targets within the organization.
Risk Analysis – can be used by management to create risk management planning (e.g., impact, probability, and both financial and reputational consequences). Provides the prelude to prioritizing actions at both the strategic and operational levels.
Target Profile Analysis – examines the TTPs of the malicious actor or group, informs which targets will most likely be attacked, and supports decisions about how resources can be deployed to mitigate the attack.
Operational Intelligence Analysis – can be used by management to prevent mission creep or scope creep and to prioritize intelligence work, needs, or requirements stemming from current intelligence.
The CI-DR cyber intelligence life cycle, the types of analysis, and the dissemination of knowledge to business leadership are how our program works in conjunction with the overall approach of having functions and capabilities. Together they can inform, guide, and direct, and provide the ability to adapt and prioritize for any change or emerging threat to an organization.
NOTES
The CISOs and CIOs are not necessarily involved with strategic directions for the organization, but need to be informed so that cyber intelligence “knowledge” can be created to support the strategy.
Business leaders, when creating critical or priority cyber intelligence requirements (CIRs or PIRs), should be aware of the types of analysis and usage that can contribute to decisions.
The CI-DR cyber intelligence process is a proven method taken from the military intelligence process that provides a repeatable method of reporting but may require further iterations or new processes for different organizations.
Business leaders should be disciplined about not getting too involved in the tactical level of cyber intelligence and should focus on prioritization and direction at the operational and strategic levels of cyber intelligence.