Cyber threat intelligence and Left tail: Difference between pages

From ACT Wiki
(Difference between pages)
(Add link.)
 
(Layout.)
 
Line 1: Line 1:
''Treasury risk - information technology - cyber security - cyber threat.''
''Risk management - treasury - rare events - financial markets - distributions.''


Cyber threat intelligence is the assessment, validation and reporting of information on current and potential cyber threats.
In the risk management context, the left tail of a distribution refers to potential outturns that are adverse.


Cyber threat intelligence is undertaken to maintain and improve an organisation’s cyber security awareness and cyber risk management responses.


(The right tail, by contrast in this model, representing favourable outturns.)


:<span style="color:#4B0082">'''''Three categories of cyber threat intelligence '''''</span>


:"Threat intelligence (TI) comes in multiple formats but you can group it into three broad categories.
== See also ==
 
* [[Adverse]]
:The actual extent of its use depends on available tools and resources in the Security Operations Centre (SOC).
* [[Black swan]]
 
* [[Bubble]]
:In an ideal situation, a SOC will make use of all types of TI.
* [[Confidence]]
 
* [[Distribution]]
 
* [[Fat tail]]
:(1) Indicator of Compromise (IoC):
* [[Financial markets]]
 
* [[Frequency distribution]]
:At the lowest level, there are open source TI feeds that will provide indicators of compromise.
* [[Global Financial Crisis]] (GFC)
 
* [[Hedge]]
:This will include things like known bad IP addresses, domains, hashes and strings, all of which can be compared with your logs.
* [[Leptokurtic frequency distribution]]
 
* [[Liquidity]]
:A match would indicate the system is interacting with a known bad IoC.
* [[Monte Carlo analysis]]
 
* [[Normal frequency distribution]]
:There are many IoC feeds that can be used and ingested into monitoring solutions.
* [[One tailed test]]
 
* [[Procyclicality]]
 
* [[Risk management]]
:(2) Tactics Techniques and Procedures (TTPs):
* [[Scenario planning]]
 
* [[Significance testing]]
:Slightly more abstract than IoCs, Qualitative TI will often refer to attacker TTPs, which can be invaluable in creating behavioural analytics.
* [[Standard deviation]]
 
* [[Systemic risk]]
:For example, a certain threat actor that is relevant to your organisation has been taking advantage of a couple of specific system tools to perform privilege escalation.
* [[Tail]]
 
* [[Tail event]]
:This kind of information, when used correctly, can be turned into detection use-cases.
* [[Tail risk]]
 
* [[Tipping point]]
 
* [[Treasury]]
:(3) Situational:
* [[Treasury risk]]
 
* [[Two tailed test]]
:Far more abstract information that might be useful in directing research and development, or the refinement of SOC strategies.
* [[UK gilt crisis]]
 
:This would typically include information on trends and geopolitical situations."
 
:''Building a Security Operations Centre - threat intelligence - UK National Cyber Security Centre.''
 
 
==See also==
*[[Compromise]]
*[[Corporate finance]]
*[[Credential stuffing]]
*[[Cyber attack]]
*[[Cyber breach]]
*[[Cyber risk]]
*[[Cyber security]]
*[[Cyber security: protecting your business and your clients]]
*[[Cyber threat]]
*[[Dark web]]
*[[Domain]]
*[[Domain name spoofing]]
*[[Due diligence]]
*[[Information Commissioner's Office]] (ICO)
*[[Information technology]]
*[[National Cyber Security Centre]] (NCSC)
*[[Open source]]
*[[Outside-in cyber review]]
*[[Public domain]]
*[[Risk management]]
*[[Treasury]]
*[[Treasury risk]]
 
 
==Other resources==
*[https://www.ncsc.gov.uk/collection/building-a-security-operations-centre/threat-intelligence Building a Security Operations Centre - threat intelligence - UK National Cyber Security Centre]
*[https://www.treasurers.org/hub/technical/cyber-security-guide-2024 Cyber security in corporate finance - ICAEW - 2024]


[[Category:Accounting,_tax_and_regulation]]
[[Category:Accounting,_tax_and_regulation]]
[[Category:Risk_frameworks]]
[[Category:The_business_context]]
[[Category:Treasury_operations_infrastructure]]

Latest revision as of 10:24, 30 July 2024
