Time: 4 hours
Difficulty: Beginner
CEU/CPE: 4

Video Transcription

00:00
Hello, everybody. Welcome to Introduction to Cyber Threat Intelligence. This is the second-to-last video and the last module of this course. In this episode we will discuss the first part of our summary, where we're going to take the most important parts of each module. So let's start.
00:21
In the beginning of the course, we started with the history and main concepts of cyber threat intelligence.
00:27
In this module, we discussed how the whole concept of intelligence comes from military use.
00:33
The tactics and techniques that most armies will use in order to be one step ahead of their rivals.
00:41
One of the most important concepts that we learned here is that intelligence will be performed all the time, in peacetime and in war. So keep that in mind, always.
00:54
It's not necessary for you to be having an incident at that moment in order to start collecting information. The cyber threat intelligence unit should be collecting, analyzing and processing information all the time.
01:08
Also, in the concepts we discussed, we pointed out a very important element that we need to know from the start,
01:18
and that is that cyber threat intelligence is not a unit that works as a cooking recipe or a one-size-fits-all kind of thing.
01:26
It needs to be tailored to meet the organization's objectives. I know that I have said it
01:33
a lot of times,
01:34
but trust me,
01:36
I cannot tell you enough how that point is really, really important in order for your cyber threat intelligence unit to provide valuable information for other teams and your organization as a whole.
01:52
Then we moved on to intelligence-driven security. After reviewing some history and concepts, we went ahead and started talking about taking security from a different perspective.
02:02
We navigated through the intelligence-driven security perspective. This is the first time that we stated that cyber threat intelligence is more than just threat feeds and PDF reports; intelligence is a whole concept and a whole world that needs to be considered in the organization's cybersecurity strategy.
02:23
After stating the actual role of cyber threat intelligence, we visited the different phases of the cyber threat intelligence lifecycle, these being direction, collection, analysis, processing, dissemination and feedback.
02:42
Let's remember what each one of these phases of the lifecycle did. The direction phase was tailored to provide the main objectives of the cyber threat intelligence unit. These have to be aligned to the organization's in order to provide the best
03:00
cyber threat intelligence that the organization requires. Also,
03:04
they have to be aligned with all the teams
03:07
involved with the cyber threat intelligence unit. So the direction of the data feeds, of the web forum scraping, or all the investigation done in the cyber threat intelligence unit.
03:20
So it will be really useful for the organization.
03:23
The collection phase is nothing more than that,
03:27
collecting the data from the sources, to find and gather it
03:31
as much as we can handle.
03:35
Let's remember, though, we have to be cautious. Do not just get a lot of information and not do anything with it, or get overwhelmed by it. That's why the next phases are really important. The analysis phase will tell us what information can't be used,
03:53
what information is not outdated,
03:55
what information is neutral.
03:59
That means it's not biased by any author from the media or social media or some forum. The information has to be as neutral as possible to actually become intelligence, because to that information you're going to provide context, so, you know, you cannot have information that is biased
04:18
in order to provide
04:19
valuable intelligence to other teams. Next is the processing of that information.
04:27
This part will take all the different sources, all the similar information, and will start correlating every single item with information of the internal tools.
04:39
Let's say we have a malware detected by some threat feed, and we have the indicator of compromise detected internally. So we can create a link and bring that information to our SOC analysts or our incident response team.
04:58
Next is the dissemination, which is actually bringing this information to the team. As I just said, it depends on how urgent the dissemination has to be. In the example that I was talking about,
05:12
the dissemination of information to the SOC team or the IR team needs to be fast, but when we're talking about
05:19
information to security leaders or information to different departments that are not
05:28
tied that much to time, it could be disseminated in different ways. We already talked about PowerPoint presentations or PDF reports, but they can also be disseminated by a meeting or a presentation, an actual presentation by someone from the cyber threat intelligence unit
05:46
to give the information to the stakeholders or
05:49
another team that may have difficulty understanding technical terms, and an analyst in place would be really helpful.
05:59
Lastly, we have the feedback phase.
06:02
Don't get carried away with this phase, in the sense of
06:09
disregarding it, because feedback is really important in order to keep our cyber threat intelligence unit aligned with the objectives of each team. If a team is not receiving the intelligence that it was expecting, it's a problem of the cyber threat intelligence team
06:28
and not the objectives of the other units.
06:30
So changes have to be made in order to realign the intelligence provided in order to meet the team's objectives. That way, the cyber threat intelligence unit will become really valuable to the organization. Otherwise,
06:46
teams could just grab the information and throw it away because they cannot do anything with it.
06:55
Now, in the middle of the information flow that we were checking, we hit pause and dove into the data sources that we have available for the collection phase.
07:04
We stated that some important sources may be threat feeds, media and social media, threat actor forums and dark web forums.
07:14
We reviewed each one of these data sources in order to understand how they would complement each other and how much manual action each one of these needs.
07:25
Also, we dove into the dark web, and what
07:29
the dark web forums meant.
07:33
Next, we started talking about the cyber threat intelligence role in different teams.
07:40
This started with the SOC and monitoring team. Here, the most important aspect that cyber threat intelligence can help with is enough information and context that will help the SOC analysts to distinguish between an actual threat and a false positive in the fastest way possible. After SOC,
07:59
we reviewed how the incident response team works
08:01
and how the cyber threat intelligence team can provide just enough information for IR to know what they're dealing with,
08:09
how the organization has responded to such a threat and what potential impact the threat can cause.
08:18
Another team that was reviewed was the risk analysis team. Here, we reviewed the main purpose of cyber threat intelligence in order to generate a more real risk analysis that is not based upon assumptions, but instead is based on statistics, in order to represent a more realistic
08:37
approach and, at the same time,
08:39
a more tangible one, so better decisions can be made by the risk analysis team,
08:46
and we're gonna hit pause here so you can go ahead and take some air. Since this is a lot of information to take in, you can go ahead, grab some tea, coffee or any drink of your taste. Or, if you prefer, you can go ahead and start the very last episode of this course. It is always a pleasure to have you here,
09:07
and for the last time, I'll see you in the next video.


Intro to Cyber Threat Intelligence

This Cyber Threat Intelligence training introduction series will cover the main definitions and concepts related to the CTI world. It will also explain the units and areas of the organization that will interact with the CTI processes.

Instructed By

Melinton Navas
Threat Intelligence Manager
Instructor