4.6 CTI Role in Risk Analysis

Difficulty
Beginner
Video Transcription
00:00
Hello, everyone. And welcome back to the Introduction to Cyber Threat Intelligence. In today's episode, we're going to start talking about cyber threat intelligence in the risk analysis world. We're gonna define some risk concepts, and then we're gonna look at how cyber threat intelligence abilities
00:19
help enhance these risk measures and probabilities.
00:27
In the cybersecurity world, there are a lot of ways to get things done, and because of that, there have emerged multiple risk models that organizations can use to manage the risks. The problem is that many models have a hard time with the following issues.
00:44
They have vague, non-quantified output, often in the form of stoplight charts that show green, yellow and red threat levels.
00:53
Also, they have estimates about threat probabilities and costs that are hastily compiled, based on partial information and riddled with unfounded assumptions.
01:04
Non-quantified output is not very actionable, while models based on faulty input result in garbage-in, garbage-out scenarios whose output appears to be precise but is in fact misleading.
01:21
To avoid these problems, enterprises need a well-designed risk model and plenty of valid, current information, including the consideration of cyber threat intelligence.
01:33
Cybersecurity risk assessments should not be based only on criteria defined to provide compliance with regulations. With those criteria, assessing risk usually becomes an exercise in checking boxes against cybersecurity controls like firewalls and encryption. Counting the number of boxes checked
01:51
gives you a very misleading
01:53
picture of actual risk.
01:57
The type of equation at the core of any risk model is likelihood of occurrence
02:02
times impact.
02:05
But clearly the devil is in the details. Fortunately, some smart people have developed very good risk models and methodologies that you can use or adapt to your own needs.
02:19
One that is very good is the Factor Analysis of Information Risk (FAIR)
02:23
model from the FAIR Institute.
02:27
The FAIR framework helps to create a quantitative risk assessment model that contains specific probabilities for loss from specific kinds of threats.
02:37
This quantitative model for information security and operational risk is focused on understanding, analyzing and quantifying information risk in real financial terms.
02:49
If you're familiar with these analyses, by looking at these diagrams, you can immediately see that this considers a whole lot more information than the common risk models. It considers assets at risk, threat event frequency in detail,
03:05
specific fields on vulnerability classifications and much more information.
03:12
The FAIR framework, and others like it, enables you to create risk models that
03:16
make defined measurements of risk,
03:19
are transparent about assumptions, variables and outcomes, and show specific loss probabilities in financial terms.
03:28
When measurements, formulas, assumptions, variables and outcomes are made transparent, they can be discussed, defended and changed.
03:36
Because much of the FAIR model is defined in business and financial terms, executives, line-of-business managers and other stakeholders can learn to speak the same language and to classify assets, threats and vulnerabilities in the same way.
03:51
When executing risk analyses, it is important to try to incorporate specific probabilities about future losses into the risk model whenever possible.
04:01
Specific probabilities enable risk managers and senior executives to discuss the model and how it can be improved,
04:09
after which they have more confidence in the model and the recommendations that come out of it.
04:15
A very specific example is given by Recorded Future in its Threat Intelligence Handbook.
04:20
Normally, organizations will present risk information like
04:25
the threat from a denial-of-service attack to our business has changed from high to medium.
04:30
It means red to yellow.
04:33
This approach is entirely qualitative and gives little to no information. The approach suggested is to use specific, tangible probabilities in order to express what happens, like
04:48
there is a 20% probability that our business will incur a loss of over $300,000 in the next 12 months because a distributed denial-of-service attack can disrupt the availability of our customer-facing website.
05:04
There's no need to have an enormous amount of risk knowledge in order to understand how these two affirmations differ and which one is the most effective and efficient to have.
05:17
Okay,
05:18
but enough, got it. Enough about concepts of risk analysis. Now that we have understood a little bit more of the risk world, its models' purpose and the frequent downsides of their implementations, we can see how cyber threat intelligence influences these models and analyses to improve their results.
05:38
A big part of the game of creating a threat model involves estimating the probability of successful attacks, or loss event frequency in the language of the FAIR framework.
05:48
The first step is to create a list of categories that might affect the business.
05:54
This list typically includes malware, phishing attacks, exploit kits, zero-day attacks, web application exploits, distributed denial-of-service attacks, ransomware and many other threats.
06:08
The next step is much more difficult. It is to estimate probabilities that the attacks will happen and that they will succeed.
06:16
It means the odds that the enterprise contains vulnerabilities related to the attacks and existing controls are not sufficient to stop them.
06:27
Another important subject to consider is narrowing the interest to the right questions. Cyber threat intelligence can help by answering questions such as:
06:36
Which threat actors are using this attack, and do they target our industry?
06:43
How often has this specific attack been observed recently by enterprises like ours?
06:48
Is the trend going up or going down?
06:53
Which vulnerabilities does this attack exploit?
06:56
And are those vulnerabilities present in our enterprise?
07:00
What kind of damage, technical and financial, has this attack caused in enterprises like ours?
07:06
Analysts still need to know a great deal about the enterprise and its security defenses. But cyber threat intelligence enriches their knowledge of attacks, the actors behind them and their targets. It also provides hard data on the prevalence of attacks.
07:24
Here we can see the development over time of various ransomware families analyzed as a part of a cyber threat intelligence program.
07:31
The trend line to the right of each ransomware family indicates increasing or decreasing references across a huge range of threat data,
07:42
such as code repositories, paste sites, security researcher blogs, criminal forums and Tor-accessible forums.
07:49
Additional information might be available about how the ransomware families connect to threat actors, targets and exploit kits.
07:59
This can clearly be translated to the likelihood of a threat here in the organization by running some simple numbers. Although it doesn't seem like much, and the numbers and operations are basically the same, having an accurate repository of attack numbers will do much more than a simple estimate of a threat infection.
08:18
The other major component of the formula in our model is the probable cost of successful attacks.
08:26
Most of the data for estimating cost is likely to come from inside the enterprise. However, cyber threat intelligence can provide useful reference points on topics like the cost of similar attacks on enterprises of the same size and in the same industry,
08:43
the systems that need to be remediated after an attack and the type of remediation they require.
08:50
This information can be translated to cost for an enterprise in a more specific way and a more effective representation.
09:00
So how does risk analysis benefit from cyber threat intelligence? How is it that a risk assessment's measure of risk is that accurate? By having an enormous history of threats, a statistical projection is much easier and much more reliable than an opinion-based projection.
09:20
What sort of information does cyber threat intelligence provide to risk analysis in order to make it more effective?
09:26
This is all about threat probability based on precise data. There are no more estimates, there are no more
09:33
personal opinions in them. This is just historic data, measured somehow
09:41
in order to get a more accurate number.
09:45
Now, for you to do some reflection: if you were a risk manager, would you choose an approach with or without cyber threat intelligence?
09:54
Don't tell me the answer. It is for you only. Okay.
10:00
In today's brief lecture, we discussed how the risk models often used in organizations work, what specific areas cyber threat intelligence can enhance in order to obtain more accurate risk calculations,
10:13
what processes cyber threat intelligence benefits in risk analysis and, lastly, the type of intelligence that risk analysis needs.
10:24
Continuing the cyber threat intelligence journey, we're going to move to a very interesting and sometimes unexpected alliance,
10:31
and that is how cyber threat intelligence can help detect fraud in organizations. I'm very eager to get there,
10:41
but well, that's it for risk analysis. And for this module, I hope you liked and understood all the subjects regarding the direct interactions between cyber threat intelligence and its multiple units. See you later.