pitfalls of cyber data
TRANSCRIPT
3
[Diagram: the intelligence cycle, drawn around the Customer. Stages: Direction, Access, Analysis & Assessment, Dissemination, Action. Annotations on the cycle: Gather Information, Insight, Expert Schema, Assess Source, Define Action.]
4
Situational Awareness / Strategic Intelligence

[Diagram: threat time horizons, running from Situational Awareness through to Strategic Intelligence: Immediate Threat, Evolving Threat, Long Term Threat, Trend Analysis, Horizon Scanning, Futurology.]
5
Audience by type of intelligence (vertical axis: Long-Term Use to Short-Term Use; horizontal axis: Low Level to High Level):

Content                                   | Audience
High-level information on changing risk   | The board
Details of a specific incoming attack     | Defenders
Attacker methodologies, tools and tactics | Architects & sysadmins
Indicators of specific malware            | SOC staff / IR
6
Risk View

Threat Source --initiates--> Threat Event --exploits--> Vulnerability --causing--> Adverse Impact

Threat Source characteristics: Capability, Intent, Target
Threat Event sequences: Actions, Activities, Scenarios, Relevance
Vulnerability conditions: Pervasiveness, Severity; Controls: Effectiveness
Risk: Likelihood, Impact
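A worked example of scoring one event along that chain, added here and not code from the deck or from any tool it refers to. It assumes the five-point qualitative scale of NIST SP 800-30 Rev.1 for the likelihood and impact combination tables; the cell values are this example's reading of Tables G-5 and I-2, not a quotation of the standard, so check them before relying on them. How Capability/Intent/Target and Pervasiveness/Severity/Effectiveness are folded into single levels is also this example's assumption. The threat source, vulnerability and event are constructed sample input.

```python
"""Qualitative risk scoring along the Threat Source -> Threat Event ->
Vulnerability -> Adverse Impact chain.  Added example, not from the deck.
The scale and the two lookup tables are modelled on NIST SP 800-30 Rev.1
(Tables G-5 and I-2); the cell values are this example's reading of them.
Folding the per-element factors into one level each is an assumption here,
not something the standard prescribes.
"""
from dataclasses import dataclass, replace

LEVELS = ("Very Low", "Low", "Moderate", "High", "Very High")

# Rows: likelihood the threat event is initiated; columns: likelihood it results
# in adverse impact; cell: overall likelihood (indices into LEVELS).
OVERALL_LIKELIHOOD = (
    (0, 0, 0, 1, 1),
    (0, 1, 1, 2, 2),
    (1, 1, 2, 2, 3),
    (1, 2, 2, 3, 4),
    (1, 2, 3, 4, 4),
)
# Rows: overall likelihood; columns: level of impact; cell: level of risk.
RISK_LEVEL = (
    (0, 0, 0, 1, 1),
    (0, 1, 1, 1, 2),
    (0, 1, 2, 2, 3),
    (0, 1, 2, 3, 4),
    (0, 1, 2, 3, 4),
)


def level_index(level: str) -> int:
    """Map a scale word to 0..4, rejecting anything off the scale."""
    if level not in LEVELS:
        raise ValueError(f"{level!r} is not one of {LEVELS}")
    return LEVELS.index(level)


@dataclass(frozen=True)
class ThreatSource:
    name: str
    capability: str   # the slide's "characteristics"
    intent: str
    targeting: str


@dataclass(frozen=True)
class Vulnerability:
    name: str
    severity: str               # the slide's "conditions"
    pervasiveness: str
    control_effectiveness: str  # the slide's "controls"


@dataclass(frozen=True)
class ThreatEvent:
    name: str
    source: ThreatSource
    exploits: Vulnerability
    adverse_impact: str    # level of impact if the event succeeds
    relevant: bool = True  # the slide's "relevance": irrelevant events are not scored


def likelihood_of_initiation(src: ThreatSource) -> str:
    # Assumption: capability, intent and targeting are all needed, so the
    # weakest of the three bounds how likely initiation is.
    return LEVELS[min(level_index(src.capability), level_index(src.intent),
                      level_index(src.targeting))]


def likelihood_of_adverse_impact(vuln: Vulnerability) -> str:
    # Assumption: exposure is the worse of severity and pervasiveness, and each
    # step of control effectiveness buys one step of reduction (floor Very Low).
    exposure = max(level_index(vuln.severity), level_index(vuln.pervasiveness))
    return LEVELS[max(0, exposure - level_index(vuln.control_effectiveness))]


def assess(event: ThreatEvent) -> dict:
    """Walk the chain and return the intermediate levels with the risk level."""
    if not event.relevant:
        return {"event": event.name, "risk": "Not Applicable"}
    init = likelihood_of_initiation(event.source)
    adverse = likelihood_of_adverse_impact(event.exploits)
    overall = LEVELS[OVERALL_LIKELIHOOD[level_index(init)][level_index(adverse)]]
    risk = LEVELS[RISK_LEVEL[level_index(overall)][level_index(event.adverse_impact)]]
    return {
        "event": event.name,
        "likelihood_of_initiation": init,
        "likelihood_of_adverse_impact": adverse,
        "overall_likelihood": overall,
        "impact": event.adverse_impact,
        "risk": risk,
    }


# Constructed sample input (hypothetical names, chosen for the walk-through).
CRIMEWARE_GROUP = ThreatSource("financially motivated crimeware group",
                               capability="High", intent="Very High", targeting="Moderate")
EDGE_VPN = Vulnerability("unpatched VPN appliance on the perimeter",
                         severity="Very High", pervasiveness="Low", control_effectiveness="Low")
VPN_COMPROMISE = ThreatEvent("remote exploitation of the VPN appliance",
                             source=CRIMEWARE_GROUP, exploits=EDGE_VPN, adverse_impact="High")


def worked_example() -> tuple:
    """The same event before and after control effectiveness rises from Low to High."""
    before = assess(VPN_COMPROMISE)
    after = assess(replace(VPN_COMPROMISE,
                           exploits=replace(EDGE_VPN, control_effectiveness="High")))
    return before, after


if __name__ == "__main__":
    for result in worked_example():
        print(result)
```

Running it shows the point the slide is making about Controls: with the same threat source and the same vulnerability, raising control effectiveness from Low to High moves the likelihood of adverse impact from High to Low and the risk from Moderate to Low, while a threat event marked not relevant is never scored at all.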
7
Tactical View

[Diagram: layered tactical view. Driving Forces; Public Cyber Data; Past Incident Records; Adversaries (Threat Source); Threat Scenarios; Adverse Impacts; Threat Events; TTPs; Controls; Threat Personas; Technical Indicators.]
16
Threat Scenarios <--many to many--> Threat Events <--many to many--> TTPs

Threat Scenario: a specific instance with extensive business context.
Threat Event: a collection of TTPs with limited business context.
TTPs: standards not used / many fudges.