7.3 Team and Approach

00:01

Hello, everyone, Welcome back to another episode of Introduction to Cyber Threat Intelligence. Today we're going to review them near implementation off the saber Transient Aliens unit, and what aspect shall be done accordingly in order to build a successful unit Soap. Let's get started.

00:19

As we discussed in the previous video, you can start your psychiatrist intelligence journey with people who continue to play all the roles on different teams in the organization. But let's point out something here if there's going to be people performing all the roles this I've attracting tell you just should be their priority now to question will arise.

00:38

Should there be a dedicated cyber craft intelligence team,

00:41

and should it be independent, or can it leave inside an order? Cyber Security group?

00:46

The answer. Our yes, any depends a do develop a comprehensive cyber threat Intelligence program. You should build a team dedicated to collecting and analyzing threat later on turning it into intelligence. The sole focus of this team should be to provide relevant in actionable intelligence to key stakeholders,

01:06

including senior executives on members of the board.

01:10

Dedication and a broad perspective are needed to ensure team members dedicate enough time to collecting, processing, analyzing and disseminating intelligence that provides the greatest value to the enterprise ***,

01:23

rather than yielding to the implementation to focus on the intelligence needs off one group or another.

01:32

Organizational independence has its advantages, such as greater autonomy and prestige. However, this advantages can be completely offset by be jealousies and political issues cause by creating a team with a new high level manager and its own budget that pulls beat Budding saver treaty Tell years analysts

01:52

out off the your existing groups.

01:55

A dedicated cyber threat intelligence team doesn't necessarily need to be a separate function reporting directly to the BP or deceased, so it can be long toe a group that already worse with cyber threat intelligence. In many cases, this will be the Incident Response group. The savvy approach can avoid conflict within entrench security teams.

02:15

If you take a gradual approach to building your core separate intelligence team. Start within. The Beatles were already in the Cyber Security Organization on our applying cyber threat intelligence to the particulars. Arab security. They may not have the title Cyber tracked intelligence analyst or see themselves that way at first,

02:34

but they conform the backbone of the emergent cyber treat intelligence capability.

02:39

Well, we have emphasized the disabled threat intelligence fortune exist to strengthen other teams in the cyber security organization so they can better protect the specific enterprise. It is therefore critical that the saver tread intelligence team include people who understand the core business operation of work, clothes, network infrastructure,

03:00

risk profiles

03:00

and so play chain, as well as a technical infrastructure and so far, application off the entire anti brace

03:07

at the saver trade Intelligence Team matures. You want to have members with skills for correlating external data within the internal telemetry, providing threats, situational awareness and recommendation for security controls. Proactively haunting internal threats, including insider traits.

03:25

Educating employees and customers and cyber Kratz,

03:29

engaging with the wider trapped intelligence community

03:34

and identifying and managing information sources.

03:38

Well, I say the Treaty Intelligence team needs to plan an Alka Resources to address the four types of cyber trades intelligence so shown in the image. Okay, let's dive into each one of them. Them

03:53

first. The strategic cyber Tracked Intelligence provides a Y view of the trapped in vitamin on business issues.

04:00

It is a sign to inform the decisions of executive boards and senior officers. And strategic dreading Children's usually is not over overly technically. And it's most likely to cover topics such as the financial impact off cyber security or major regulatory chaired changes.

04:17

For example, if your business is looking to move towards integrated win Aye aye assistant like Amazon Alexa Aura lowing, allowing customer to transact with beat kind as strategic silent threat intelligence can hide. Like the Ricks factors in these initiatives on Make suggestions for mitigations,

04:39

tactical saver directing intelligence focuses on Attackers, tactics, techniques and procedures. It relates to the specific attack vectors favor by threat actors in your industry or geographic location. Typically, this form of intelligence, it's highly actionable, and he steals more operational staff,

04:57

such as incident responders,

04:59

to ensure Technical Contra LS and processes are suitably prepared.

05:02

For example, if a spear fishing is identified as a prominent attack back during your industry back because I betrayed intelligence could show you how additional security training for highly prevalent users can foil those attacks.

05:17

Operational side betrays intelligence is related to specific, impotent, impending attacks. It helps senior security staff anticipate when and where attacks will come. For example, if you want to identify individuals planning to attack your business or customers.

05:33

Operational Cyberthreats intelligence might provide answers by monitoring information from criminal communities

05:40

under that. Well,

05:44

now technicals readied cyberthreat intelligent compresses a stream off indicators that can be used to automatically identify and black suspect and malicious communications. For example, if you want to prevent stolen data from being expatriated from just network teii me consider threat intelligence

06:01

might highlight an I. P address suspected to be malicious,

06:04

allowing you to block communication with that address. Technical so betrayed the intelligence is stable. It'll turn is typically transient and available in extremely high volumes,

06:15

so you should find ways to persist is process it automatically rather than involving human Alistair.

06:23

Okay,

06:24

so let's do a quick review of what we have gone through so far. We discuss how to be let team by using either new personnel are existing personnel in already established teams and the best approach to avoid much entanglement in the organization.

06:39

We also review the car competitors seem necessary in order to have the best profiles, performing cybertrips intelligence operations

06:47

and lastly with revealed the four types of Sybil Treaty until years, and how can they be applied with specific examples.

06:57

In the next video, we will be diving into the technical requirements, such a surfaces and reaching a threat data technology and else they will complement this optics needed in order to establish a psychic reading tellings unit that will fit any organization.