Cyber threat intelligence - Revision history

Doug: Add link.

2024-07-30T10:21:40Z

Add link.

← Older revision		Revision as of 10:21, 30 July 2024
Line 59:		Line 59:
	*[[Due diligence]]		*[[Due diligence]]
	*[[Information Commissioner's Office]] (ICO)		*[[Information Commissioner's Office]] (ICO)
			*[[Information technology]]
	*[[National Cyber Security Centre]] (NCSC)		*[[National Cyber Security Centre]] (NCSC)
	*[[Open source]]		*[[Open source]]
Line 64:		Line 65:
	*[[Public domain]]		*[[Public domain]]
	*[[Risk management]]		*[[Risk management]]
			*[[Treasury]]
			*[[Treasury risk]]

Doug: Layout.

2024-07-22T11:58:16Z

Layout.

← Older revision		Revision as of 11:58, 22 July 2024
Line 15:		Line 15:


	:(1) Indicator of Compromise (IoC)		:(1) Indicator of Compromise (IoC):

	:At the lowest level, there are open source TI feeds that will provide indicators of compromise.		:At the lowest level, there are open source TI feeds that will provide indicators of compromise.
Line 26:		Line 26:


	:(2) Tactics Techniques and Procedures (TTPs)		:(2) Tactics Techniques and Procedures (TTPs):

	:Slightly more abstract than IoCs, Qualitative TI will often refer to attacker TTPs, which can be invaluable in creating behavioural analytics.		:Slightly more abstract than IoCs, Qualitative TI will often refer to attacker TTPs, which can be invaluable in creating behavioural analytics.

Doug: Layout.

2024-07-22T11:57:45Z

Layout.

← Older revision		Revision as of 11:57, 22 July 2024
Line 15:		Line 15:


	:(1) Indicator of Compromise (IoC) - At the lowest level, there are open source TI feeds that will provide indicators of compromise.		:(1) Indicator of Compromise (IoC)

			:At the lowest level, there are open source TI feeds that will provide indicators of compromise.

	:This will include things like known bad IP addresses, domains, hashes and strings, all of which can compared with your logs.		:This will include things like known bad IP addresses, domains, hashes and strings, all of which can compared with your logs.
Line 24:		Line 26:


	:(2) Tactics Techniques and Procedures (TTPs) - Slightly more abstract than IoCs, Qualitative TI will often refer to attacker TTPs, which can be invaluable in creating behavioural analytics.		:(2) Tactics Techniques and Procedures (TTPs)

			:Slightly more abstract than IoCs, Qualitative TI will often refer to attacker TTPs, which can be invaluable in creating behavioural analytics.

	:For example, a certain threat actor that is relevant to your organisation has been taking advantage of a couple of specific system tools to perform privilege escalation.		:For example, a certain threat actor that is relevant to your organisation has been taking advantage of a couple of specific system tools to perform privilege escalation.
Line 31:		Line 35:


	:(3) Situational - Far more abstract information that might be useful in directing research and development, or the refinement of SOC strategies.		:(3) Situational:

			:Far more abstract information that might be useful in directing research and development, or the refinement of SOC strategies.

	:This would typically include information on trends and geopolitical situations."		:This would typically include information on trends and geopolitical situations."
Line 63:		Line 69:
	*[https://www.ncsc.gov.uk/collection/building-a-security-operations-centre/threat-intelligence Building a Security Operations Centre - threat intelligence - UK National Cyber Security Centre]		*[https://www.ncsc.gov.uk/collection/building-a-security-operations-centre/threat-intelligence Building a Security Operations Centre - threat intelligence - UK National Cyber Security Centre]
	*[https://www.treasurers.org/hub/technical/cyber-security-guide-2024 Cyber security in corporate finance - ICAEW - 2024]		*[https://www.treasurers.org/hub/technical/cyber-security-guide-2024 Cyber security in corporate finance - ICAEW - 2024]

	~~[[Category:Accounting,_tax_and_regulation]]~~
	~~[[Category:Risk_frameworks]]~~
	~~[[Category:The_business_context]]~~
	~~[[Category:Treasury_operations_infrastructure]]~~

	[[Category:Accounting,_tax_and_regulation]]		[[Category:Accounting,_tax_and_regulation]]

Doug: Create page - source - NCSC - https://www.ncsc.gov.uk/collection/building-a-security-operations-centre/threat-intelligence

2024-07-22T11:56:53Z

Create page - source - NCSC - https://www.ncsc.gov.uk/collection/building-a-security-operations-centre/threat-intelligence

New page

''Treasury risk - information technology - cyber security - cyber threat.''

Cyber threat intelligence is the assessment, validation and reporting of information on current and potential cyber threats.

Cyber threat intelligence is undertaken to maintain and improve an organisation’s cyber security awareness and cyber risk management responses.

:<span style="color:#4B0082">'''''Three categories of cyber threat intelligence '''''</span>

:"Threat intelligence (TI) comes in multiple formats but you can group it into three broad categories.

:The actual extent of its use depends on available tools and resources in the Security Operations Centre (SOC).

:In an ideal situation, a SOC will make use of all types of TI.

:(1) Indicator of Compromise (IoC) - At the lowest level, there are open source TI feeds that will provide indicators of compromise.

:This will include things like known bad IP addresses, domains, hashes and strings, all of which can compared with your logs.

:A match would indicate the system is interacting with a known bad IoC.

:There are many IoC feeds that can be used and ingested into monitoring solutions.

:(2) Tactics Techniques and Procedures (TTPs) - Slightly more abstract than IoCs, Qualitative TI will often refer to attacker TTPs, which can be invaluable in creating behavioural analytics.

:For example, a certain threat actor that is relevant to your organisation has been taking advantage of a couple of specific system tools to perform privilege escalation.

:This kind of information, when used correctly, can be turned into detection use-cases.

:(3) Situational - Far more abstract information that might be useful in directing research and development, or the refinement of SOC strategies.

:This would typically include information on trends and geopolitical situations."

:''Building a Security Operations Centre - threat intelligence - UK National Cyber Security Centre.''

==See also==
*[[Compromise]]
*[[Corporate finance]]
*[[Credential stuffing]]
*[[Cyber attack]]
*[[Cyber breach]]
*[[Cyber risk]]
*[[Cyber security]]
*[[Cyber security: protecting your business and your clients]]
*[[Cyber threat]]
*[[Dark web]]
*[[Domain]]
*[[Domain name spoofing]]
*[[Due diligence]]
*[[Information Commissioner's Office]] (ICO)
*[[National Cyber Security Centre]] (NCSC)
*[[Open source]]
*[[Outside-in cyber review]]
*[[Public domain]]
*[[Risk management]]

==Other resources==
*[https://www.ncsc.gov.uk/collection/building-a-security-operations-centre/threat-intelligence Building a Security Operations Centre - threat intelligence - UK National Cyber Security Centre]
*[https://www.treasurers.org/hub/technical/cyber-security-guide-2024 Cyber security in corporate finance - ICAEW - 2024]

[[Category:Accounting,_tax_and_regulation]]
[[Category:Risk_frameworks]]
[[Category:The_business_context]]
[[Category:Treasury_operations_infrastructure]]

[[Category:Accounting,_tax_and_regulation]]
[[Category:Risk_frameworks]]
[[Category:The_business_context]]
[[Category:Treasury_operations_infrastructure]]