Cyber Security Intelligence Cycle
The intelligence cycle is a core process used by most government and business intelligence and security teams to process raw signals into finished intelligence for use in decision-making. The intelligence cycle is the never-ending process of collecting raw information, generating actionable intelligence from it, and sending it to stakeholders to make decisions that help the organization meet particular cybersecurity objectives.
The following picture shows the steps of the cyber security intelligence cycle.
- Quick detection and remediation of threats
- Increased efficiencies of cybersecurity implementations
- Better report for decision makers and higher management
- Better regulatory compliance
Requirements (Planning & Direction)
The security intelligence cycle starts with requirements. The requirements phase sets out the goals for the intelligence-gathering effort. The following requirements will need to be defined to achieve the goals:
• Team roles and responsibilities
• Resources allocated to team members
• Timelines for meeting objectives
• Prioritization of assets, risks, and threats
• Tools/techniques needed to collect, analyze, and report cybersecurity intelligence
Collection (& Processing)
Start collecting raw data from a variety of open- and closed-source locations to help identify the current and most likely threats facing the organization. Collection is implemented by software tools, such as SIEMs, and the collected data is then processed for later analysis. A range of tools is used to collect threat data, including the following:
• Security information event management (SIEM)
• Threat intelligence platforms
• Threat intelligence providers
• User behavior analytics (UBA)
• Network traffic analysis tools
Analysis
Analysis is the act of making sense of what you observe. With threat data now in an intelligible format, analysis turns that data into threat intelligence, which is the point at which the data becomes contextually useful and we can truly understand what it says. The analysis is performed against the use cases defined in the planning phase and may utilize automated analysis, artificial intelligence, and machine learning. Analysis also lets us produce a report of all the analyzed findings.
Dissemination
Distributing the requested intelligence to the customer occurs at the dissemination phase. The dissemination phase refers to publishing the information produced by analysis to the consumers who need to act on the insights developed, whether strategic, operational, or tactical.
Make sure you know who they are and that you give careful consideration to how you disseminate intelligence to them. Take a look at the following for some guidance:
• Make sure the right stakeholder is given the data most relevant to their needs.
• Make sure data is formatted in the most understandable and useful manner.
Feedback
The final phase of the intelligence cycle is feedback. This phase aims to clarify requirements and improve the collection, analysis, and dissemination of information by reviewing current inputs and outputs.