As discussed in previous posts, a threat intelligence program can help organizations more quickly understand and effectively respond to the evolving threat environment. And with this new program, gathering, analyzing, distributing, and sharing threat intelligence has added a whole new list of tasks to the cybersecurity “to-do list.” Therefore, it's no suprise that one of the top predictions in the McAfee Threat Prediction Report of 2016, was that this function is going to be maturing very rapidly in the coming year.
The NIST Guide to Cyber Threat Information Sharing Draft (Special Publication 800-150) states, “Organizations should move from informal, ad hoc, reactive cybersecurity approaches where the organization operates in isolation to formal, repeatable, adaptive, proactive, risk-informed practices where the organization coordinates and collaborates with partners.”
To start moving in this direction, it’s imperative to assign someone primary responsibility for these functions. In many small to mid-sized organizations, this isn’t going to be a full-time position, but it should be part of someone’s daily activities. Here’s what they should be doing on a daily basis:
- Threat Intelligence Source Management - Monitoring information from your threat intelligence sources, and maintaining a central repository or library of the data collected, the actions taken, and the lessons learned.
- Internal Information Distribution - Determining what information is relevant and to whom, and sending it out to the intended audience within the organization.
- Information Sharing Coordination - Managing activities and communication between the organization and the predetermined partners in its Information Sharing Network (ISN). They manage the schedule, types of information to be shared, and communication channels. They are also responsible for documenting all sharing activities with the ISN, what information came and went, when and where, and the action taken.
Just like incident response, disaster recovery, and cybersecurity awareness and responsibility, threat intelligence and information sharing should be part of your business-as-usual strategy, rather than a bolt-on function. Having a dedicated resource can help you ensure information is handled properly and you’re getting the most value out of your program.
Strengthen Your Security Team with a Dedicated Expert
Available only from Sage Data Security, Tyler Detect provides independent security information analysis of your network logs from highly-trained cybersecurity experts. With over a decade of experience, we continually improve our methodology based on the latest threat intelligence. That means unauthorized access, malware, and suspicious activities are quickly detected and can be easily acted on.