Cyber threat intelligence and Double materiality assessment

From ACT Wiki

== Double materiality assessment ==

''Financial reporting - risk management - ESG - sustainability reporting - European Sustainability Reporting Standards (ESRS).''


In the context of sustainability reporting, a double materiality assessment is one that covers material information about both:

:(1) A reporting entity's impact on people or the environment ("impact materiality") and

:(2) Financial risks or opportunities relating to a sustainability matter ("financial materiality").


For reporting purposes, a matter is material if it falls into either of these categories.


:<span style="color:#4B0082">'''''The European Sustainability Reporting Standards (ESRS) approach to materiality'''''</span>

:"The ESRS require that the sustainability statement include sustainability information related to material IROs identified through a materiality assessment process that applies the principles of double materiality...

:The terms ‘material’ and ‘materiality’ are used throughout the ESRS to refer to double materiality unless otherwise specified."

:''EFRAG Implementation Guidance - Materiality Assessment - p9.''


=== See also ===
* [[Double materiality]]
* [[Environmental, social and governance]]  (ESG)
* [[European Financial Reporting Advisory Group]]  (EFRAG)
* [[European Sustainability Reporting Standards]]  (ESRS)
* [[Financial materiality]]
* [[Financial reporting]]
* [[Guidance]]
* [[Immaterial]]
* [[Impact]]
* [[Impact materiality]]
* [[Material by nature]]
* [[Materiality]]
* [[Materiality assessment]]  (MA)
* [[Risk]]
* [[Risk management]]
* [[Sustainability]]
* [[Sustainability reporting]]
* [[Sustainability statement]]


=== Other resource ===
*[https://www.efrag.org/Assets/Download?assetUrl=/sites/webpublishing/SiteAssets/IG+1+Materiality+Assessment_final.pdf EFRAG Implementation Guidance - Materiality Assessment]


== Cyber threat intelligence ==

''Treasury risk - information technology - cyber security - cyber threat.''


Cyber threat intelligence is the assessment, validation and reporting of information on current and potential cyber threats.


Cyber threat intelligence is undertaken to maintain and improve an organisation’s cyber security awareness and cyber risk management responses.


:<span style="color:#4B0082">'''''Three categories of cyber threat intelligence'''''</span>


:"Threat intelligence (TI) comes in multiple formats but you can group it into three broad categories.

:The actual extent of its use depends on available tools and resources in the Security Operations Centre (SOC).

:In an ideal situation, a SOC will make use of all types of TI.


:(1) Indicator of Compromise (IoC):

:At the lowest level, there are open source TI feeds that will provide indicators of compromise.

:This will include things like known bad IP addresses, domains, hashes and strings, all of which can be compared with your logs.

:A match would indicate the system is interacting with a known bad IoC.

:There are many IoC feeds that can be used and ingested into monitoring solutions.


:(2) Tactics, Techniques and Procedures (TTPs):

:Slightly more abstract than IoCs, qualitative TI will often refer to attacker TTPs, which can be invaluable in creating behavioural analytics.

:For example, a certain threat actor that is relevant to your organisation has been taking advantage of a couple of specific system tools to perform privilege escalation.

:This kind of information, when used correctly, can be turned into detection use-cases.


:(3) Situational:

:Far more abstract information that might be useful in directing research and development, or the refinement of SOC strategies.

:This would typically include information on trends and geopolitical situations."

:''Building a Security Operations Centre - threat intelligence - UK National Cyber Security Centre.''
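As an added example (not part of the ACT Wiki entry or of the NCSC guidance quoted above), the IoC comparison described under category (1), carried out in Python: a constructed feed of placeholder IP, domain and SHA-256 indicators is matched against constructed log lines. The feed format, the log formats and every indicator value are assumptions; the point shown is that hashes need case normalisation and domains need suffix (subdomain) matching, not just a substring search.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample IoC feed (placeholder values, not real indicators), one
# "type,value" per line as many open source feeds export them.
IOC_FEED = "ip,198.51.100.23\ndomain,bad-example.invalid\nsha256," + "0123456789abcdef" * 4
# Constructed sample log lines: a proxy log, two DNS logs and an EDR file event.
LOG_LINES = [
    "2024-08-03T10:01:07Z proxy src=10.0.0.5 dst=198.51.100.23 url=http://198.51.100.23/x",
    "2024-08-03T10:02:11Z dns client=10.0.0.9 query=cdn.bad-example.invalid type=A",
    "2024-08-03T10:03:42Z edr host=ws17 file=a.exe sha256=" + "0123456789ABCDEF" * 4,
    "2024-08-03T10:04:00Z dns client=10.0.0.9 query=good.example.org type=A",
]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)

def load_feed(feed: str) -> Dict[str, Set[str]]:
    """Parse the feed into per-type sets, normalising case once at load time."""
    iocs: Dict[str, Set[str]] = {"ip": set(), "domain": set(), "sha256": set()}
    for raw in feed.splitlines():
        if raw.strip() and not raw.startswith("#"):
            kind, value = raw.split(",", 1)
            iocs[kind.strip()].add(value.strip().lower())
    return iocs

def domain_hit(observed: str, feed_domains: Set[str]) -> Optional[str]:
    """Match the feed domain itself or any subdomain of it (cdn.bad.tld -> bad.tld)."""
    labels = observed.lower().split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in feed_domains:
            return ".".join(labels[i:])
    return None

def match_line(line: str, iocs: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Return the (type, indicator) pairs from the feed seen in one log line."""
    hits = [("ip", ip) for ip in sorted(set(IP_RE.findall(line))) if ip in iocs["ip"]]
    hits += [("sha256", h.lower()) for h in SHA256_RE.findall(line) if h.lower() in iocs["sha256"]]
    for observed in DOMAIN_RE.findall(line):
        matched = domain_hit(observed, iocs["domain"])
        if matched:
            hits.append(("domain", matched))
    return hits

def scan(lines: List[str], feed: str) -> List[Tuple[str, List[Tuple[str, str]]]]:
    """Log lines that touch a known bad IoC, each paired with the indicators matched."""
    iocs = load_feed(feed)
    return [(line, match_line(line, iocs)) for line in lines if match_line(line, iocs)]
```

Each returned pair is a candidate alert: the line and the feed indicators it touched, which is the "match" the NCSC text refers to.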


=== See also ===
*[[Compromise]]
*[[Corporate finance]]
*[[Credential stuffing]]
*[[Cyber attack]]
*[[Cyber breach]]
*[[Cyber risk]]
*[[Cyber security]]
*[[Cyber security: protecting your business and your clients]]
*[[Cyber threat]]
*[[Dark web]]
*[[Domain]]
*[[Domain name spoofing]]
*[[Due diligence]]
*[[Information Commissioner's Office]]  (ICO)
*[[Information technology]]
*[[National Cyber Security Centre]]  (NCSC)
*[[Open source]]
*[[Outside-in cyber review]]
*[[Public domain]]
*[[Risk management]]
*[[Treasury]]
*[[Treasury risk]]


=== Other resources ===
*[https://www.ncsc.gov.uk/collection/building-a-security-operations-centre/threat-intelligence Building a Security Operations Centre - threat intelligence - UK National Cyber Security Centre]
*[https://www.treasurers.org/hub/technical/cyber-security-guide-2024 Cyber security in corporate finance - ICAEW - 2024]


[[Category:Accounting,_tax_and_regulation]]
[[Category:Risk_frameworks]]
[[Category:Financial_risk_management]]
[[Category:The_business_context]]
[[Category:Treasury_operations_infrastructure]]

Latest revision as of 14:10, 3 August 2024