Video Description

Module 3 examines an organizational approach to CTI which can be characterized as its "perceptions" of CTI. It comes down to how an organization decides to act in light of the risk intel that is collected and presented on its behalf. This is referred to as risk analysis and at its core, is what keeps an organization healthy. Threats must first be defined and then examined both in isolation and together. Some real threats may not be relevant to an organization such as a virus targeting Mac in a Windows organization. There is both positive and negative risk. Positive risk is typically knowingly undertaken by an organization such as buying a smaller competitor. The potential for gain typically outweighs that for loss. Conversely, with negative risk such as with a vulnerability, sometimes the risk is also worth taking is the cost to mitigate it exceeds that value of the asset under threat. Risk can also be transferred via insurance or the outsourcing of securtiy. CTI is an investment and requires training, financial expenditure along with a multitude of decisions from undertaking automation to determining if an identified threat is actionable.

Course Modules

Intro to Cyber Threat Intelligence

Module 8 - Tactical Threat Intelligence Requirements

Module 12 - Summary