Discussion

Prompt

Leverage the materials covered in Lecture 7 to describe various components of threat intelligence, including threat motives, sources, and methods to collect, normalize, and analyze threat data to determine the best option to mitigate those threats.

 

Assessment

Your response to the discussion prompt should be at least 450 words. You will be graded on how well you apply the session concepts. You are required to reply to at least 1 other post.

 

Instruction: Two parts in total

1. Based on the prompt, the assignment most likely calls for a summary of “Lecture 7-Threat Intel” (please check the attached file). Please pay attention to the title and sub-title of each slide. 400 words at least.

 

2. Reply to a classmate’s post. 150 words at least. I pasted the posts of two classmates to provide you with some samples; you only need to reply to one of them.

 

Classmates’ posts here:

Student 1:

Threat intelligence is an area of cybersecurity that focuses on the collection and analysis of raw data and information about potential attacks that threaten the safety of an organization. The key mission for threat intelligence is to analyze potential trends and technical developments in three different areas: a. Cybercrime (attackers aim to profit by converting stolen data into cash) b. Hacktivism (attackers aim to damage the reputation of the organization) c. Cyberespionage (attackers aim to improve the strategic capabilities of their host nation sponsors). Besides, open-source intelligence, social media intelligence, human intelligence, and technical intelligence are the collection methods that could be applied by threat intelligence. Also, threat intelligence could be divided into three categories, which are strategic, tactical, and operational. On the other hand, different types of sources including open, dark web, and technical sources are the combination data points to form the most robust picture possible. Besides, the threat intelligence use cases could be implemented by cross-functional teams in any organization, which could help them to prevent a cyber-attack. Seven different segments are included in the threat intelligence use cases: incident response, security operations, vulnerability management, risk analysis, fraud prevention, security leadership, reducing third-party risk. Last but not least, the threat intelligence lifecycle is the process used to identify and analyze the new vulnerabilities and gaps that exist in the current intelligence program, which are planning and direction; collection; processing; analysis; dissemination; and feedback. By doing so, various threats and potential attacks could be prevented or reduced.

Student 2:

Threat Intelligence is an area of cybersecurity that focuses on the collection and analysis of information about current and potential attacks that threaten the safety of an organization or its assets. The threat source used by TI is collected from intelligence using open-source intelligence (OSINT), social media intelligence (SOCMINT), human intelligence (HUMINT), technical intelligence, or intelligence from the deep and dark web. It’s a tool used in the cyber security strategy, in order to research and analyze trends and technical development in cybercrime, hacktivism, and cyberespionage. There are three types of threat intelligence: Tactical: outlines of the tactics, techniques, and procedures of threat actors for a more technical audience; Strategic: broader trends typically meant for a non-technical audience; Operational: technical details about specific attacks and campaigns. It has a six-part lifecycle to collect, process, and analyze threat data. The first step is planning and direction, the second is data collection, the third is processing, the fourth is analysis, the fifth is dissemination, and the final step is feedback. To mitigate the risks, it is critical to have reliable data, good analysts, and a sound policy so that the intelligence can be acted upon. Educating employees to understand the importance of cybersecurity, like security awareness training, helps employees to recognize warning signs from potential attacks. Be sure to check your partners before you share data with them, to find out how they handle cyberattacks. And always keep yourself updated.