Privacy is the right to control how your information is viewed and used, while security is protection against threats or danger. In the digital world, security generally refers to protecting data against unauthorized access, often by hackers or cyber criminals.
5. Threat, Vulnerability, and Risk
• Threat: any circumstance or event with the potential to adversely impact organizational operations, assets, or individuals.
• Vulnerability: weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered.
• Risk: a measure of the extent to which an entity is threatened by a potential circumstance or event.
8. Threat intelligence types
Ordered from high level with a high time-to-live down to low level with a low time-to-live:
• Strategic: high-level information on changing risks
• Tactical: attacker tools, tactics, and procedures
• Operational: incoming attacks against the company or industry
• Technical: indicators of compromise
9. Threat Intelligence Feeds
• What? Threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace.
• Why? Helps organizations understand the threats that have targeted, are currently targeting, or will target the organization.
• How? Open-source intelligence; commercial intelligence
10. Threat intelligence sources
OSINT (Open Source Intelligence)
• Derived from open sources (e.g. mainstream media, Internet forums, paste sites, etc.)
• Pros: good for ‘context’ and ‘big picture’
• Cons: multiple languages, interpretation, noise
TECHINT (Technical Intelligence)
• Technical indicators (e.g. IP addresses, hashes, domains, tools & techniques)
• Pros: easy to consume and drive automation
• Cons: difficult to ‘contextualize’
SIGINT (Signals Intelligence)
• Derived from analysis of communications, often in one’s own environment
• Pros: low noise; if you’re seeing it, you’re experiencing it
• Cons: requires extensive apparatus
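As an added example (not from the slides), the following Python consumes a constructed TECHINT feed of IP, domain and hash indicators, expires each by an assumed per-type time-to-live (short for the low-level indicators described in the Technical tier above), and matches the surviving indicators against constructed log lines. The feed contents, TTL values, log lines and the `parse_feed`/`match_logs` helpers are all assumptions made for this example.

```python
from collections import namedtuple
from datetime import datetime, timedelta, timezone
import re

# Assumed time-to-live per indicator type (constructed values): technical
# indicators age out quickly, so stale ones should stop generating alerts.
TTL = {"ip": timedelta(days=7), "domain": timedelta(days=30),
       "sha256": timedelta(days=365)}
Indicator = namedtuple("Indicator", "kind value first_seen")

def parse_feed(feed_text, now):
    """Parse 'kind,value,first_seen' lines and keep only unexpired indicators."""
    active = {}
    for line in feed_text.strip().splitlines():
        kind, value, seen = (f.strip() for f in line.split(","))
        seen_at = datetime.fromisoformat(seen)
        if now - seen_at <= TTL[kind]:
            active[value.lower()] = Indicator(kind, value.lower(), seen_at)
    return active

# Tokens worth checking: SHA-256 hashes, dotted IPv4 addresses, host names.
TOKEN = re.compile(r"\b[0-9a-f]{64}\b|\b(?:\d{1,3}\.){3}\d{1,3}\b"
                   r"|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.I)

def match_logs(log_lines, active):
    """Return (line_number, indicator) for every token hitting an active indicator."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for tok in TOKEN.findall(line):
            if tok.lower() in active:
                hits.append((n, active[tok.lower()]))
    return hits

# Constructed sample data: a feed snapshot, the evaluation time, and log lines.
HASH = "0123456789abcdef" * 4
NOW = datetime(2024, 5, 3, tzinfo=timezone.utc)
FEED = f"""ip,203.0.113.7,2024-05-01T00:00:00+00:00
domain,BAD.example,2024-04-20T00:00:00+00:00
sha256,{HASH},2023-12-01T00:00:00+00:00
ip,198.51.100.9,2024-01-01T00:00:00+00:00"""
LOGS = [
    "2024-05-03T10:01:02Z fw allow src=10.0.0.5 dst=203.0.113.7 dport=443",
    "2024-05-03T10:01:05Z dns query bad.example from 10.0.0.5",
    "2024-05-03T10:02:00Z fw allow src=10.0.0.6 dst=198.51.100.9 dport=80",
    f"2024-05-03T10:03:00Z edr file created sha256={HASH}",
]

def run():
    """The expired 198.51.100.9 indicator yields no hit; the other three do."""
    return match_logs(LOGS, parse_feed(FEED, NOW))
```

The expiry step is what keeps a low time-to-live indicator feed from alerting on an address that has long since been reassigned.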
11. Open-source Intelligence Feeds
• Canadian Centre for Cyber Security (CCCS)
• Department of Homeland Security: Automated Indicator Sharing
• FBI: InfraGard Portal
• abuse.ch: Ransomware Tracker
• SANS: Internet Storm Center
• VirusTotal: VirusTotal
• Cisco: Talos Intelligence
• VirusShare: VirusShare Malware Repository
• Google: Safe Browsing
• National Council of ISACs: Member ISACs
• The Spamhaus Project: Spamhaus
Commercial Intelligence Feeds
• Recorded Future
12. NIST 800-150 “Guide to Threat Information Sharing”
• Threat information that has been aggregated, transformed, analysed, interpreted, or enriched to provide the necessary context for decision-making processes.