By Jake Munroe of Recorded Future
Source: [Recorded Future website](https://www.recordedfuture.com/iso-27002-threat-intelligence-new-security-standard/)
Published: February 4, 2022
Retrieved: March 7, 2022

Jake Munroe lists some uses of threat intelligence on the three layers as identified in [a-5.7-Threat-intelligence](../Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md):

Strategic:
- setting priorities and making informed security architecture and budget decisions
- focussing your threat intelligence programme in line with the organization's strategy, by defining and tracking Priority Intelligence Requirements [^PIR]
- heightened awareness of relevant emerging threats, TTPs [^TTP], and threat groups

Tactical:
- integrating Indicators of Compromise (IoCs) into security tools to enable contextual intelligence
- using detection rulesets from hunting packages on threat actors and malware

Operational:
- better understanding of specific attacks and the relationships between threat actors, indicators, and TTPs
- mapping threat intelligence to common frameworks like MITRE ATT&CK to classify behaviors, assess security gaps, and share intelligence with the cybersecurity community

[^PIR]: An agreement to prioritize certain information collected and processed over others because of the organization’s critical need for this data. – [source](https://www.crowdstrike.com/falcon/2020/videos/priority-intelligence-requirements-your-key-to-working-smarter-with-more-impact/)
[^TTP]: Tactics, techniques and procedures (TTPs) are the “patterns of activities or methods associated with a specific threat actor or group of threat actors.” – [source](https://www.optiv.com/explore-optiv-insights/blog/tactics-techniques-and-procedures-ttps-within-cyber-threat-intelligence)