Monday, 29 August 2022

Cyber Security Intelligence Cycle

 


The intelligence cycle is a core process used by most government and business intelligence and security teams to process raw signals into finished intelligence for use in decision-making. The intelligence cycle is the never-ending process of collecting raw information, generating actionable intelligence from it, and sending it to stakeholders to make decisions that help the organization meet particular cybersecurity objectives.

The following picture shows the steps of the cyber security intelligence cycle.





An organization that successfully implements the intelligence cycle gains several advantages:
  • Quick detection and remediation of threats
  • Increased efficiency of cybersecurity implementations
  • Better reporting for decision makers and higher management
  • Better regulatory compliance

Requirements (Planning & Direction)

The security intelligence cycle starts with requirements. The requirements phase sets out the goals for the intelligence gathering effort. The following requirements need to be defined to achieve those goals:

  • Team roles and responsibilities
  • Resources allocated to team members
  • Timelines for meeting objectives
  • Prioritization of assets, risks, and threats
  • Tools/techniques needed to collect, analyze, and report cybersecurity intelligence

Collection (& Processing)

Start collecting raw data from a variety of open- and closed-source locations to help identify the current and most likely threats facing the organization. Collection is implemented by software tools, such as SIEMs, and the collected data is then processed for later analysis. A range of tools can be used to collect threat data, including the following:

  • Security information and event management (SIEM)
  • Threat intelligence platforms
  • Threat intelligence providers
  • User behavior analytics (UBA)
  • Network traffic analysis tools

Analysis

Analysis is the act of making sense of what you observe. With threat data now in an intelligible format, analysis helps us turn that data into threat intelligence, which is when the data becomes contextually useful and we can truly understand what it says. The analysis is performed against the use cases defined in the planning phase and may use automated analysis, artificial intelligence, and machine learning. The output of analysis is a report of all the analyzed findings.

Dissemination

The requested intelligence is distributed to the customer in the dissemination phase. Dissemination means publishing the information produced by analysis to the consumers who need to act on the insights developed (strategic, operational and tactical).

Make sure you know who they are and that you give careful consideration to how you disseminate intelligence to them. Take a look at the following for some guidance:

  • Make sure the right stakeholder is given the data most relevant to their needs.
  • Make sure data is formatted in the most understandable and useful manner.

Feedback

The final phase of the intelligence cycle is feedback. This phase aims to clarify requirements and improve the collection, analysis, and dissemination of information by reviewing current inputs and outputs.

