Cyber Attack Taxonomy
Threat Intel Taxonomy
Threat Intel Classification
Threat Intel vs Cyber Attacks
Adversaries vs Targets
US TRADOC Cyber Operations Model – Sample
Threat Intel Program Checklist
- Biannual process in place to derive, update and capture prioritized intelligence requirements (PIRs) that map to your organization’s business risks.
- Tracking of ad hoc requirements that meet and do not meet standing PIRs in order to identify emerging intelligence needs and requirements.
- Documented intelligence production requirements.
- Documented collection requirements.
- Documented mapping of collection requirements to internal teams/capabilities or external (intelligence) providers/vendors (guidance).
- Regular assessment and tracking of guidance versus output from internal capabilities and external (intelligence) providers/vendors (collection management).
- Intelligence collection is easily consumable, i.e. in a threat intelligence platform (TIP).
- Documented intelligence production style guide.
- Documented intelligence review and editing process.
- Formalized intelligence product style and templates.
- Intelligence products include future predictions and don’t just report on facts.
- Sources used in intelligence products are linked to the relevant source and graded.
- Knowledge gaps are identified in intelligence products and pushed back into the requirements part of the intelligence cycle.
- Feedback is received from your intelligence consumer/customer and used to drive further intelligence collection and production if needed.
- Key Performance Indicators (KPIs) are generated for the intelligence program.
- KPIs are generated for each part of the intelligence cycle including for internal and external sources of finished intelligence products and intelligence collection.
- Have an intelligence (collection) management function that tracks and prioritizes requirements and tasks them as assigned guidance.
- Threat Intel Program Checklist
- Definitive Guide to Cyber Threat Intelligence
- SANS – Defining Threat Intelligence Requirements
- Lockheed Martin – Threat Driven Approach
- Ten Strategies of World-Class SOC, Chapter 11: Be a Sophisticated Consumer and Producer of Cyber Threat Intelligence (2014)
- Threat Intelligence and the Paradigm Shift in Cyber Defense – Neal Rothleader
- Intelligence-Driven Security: A New Model using Big Data – RSA
- Introduction: Recorded Future Cyber threat intelligence Application
- Securosis – Building a Threat Intelligence Program (May 2016)