iso27diy-corp/Corpus/ISMS/About dealing with threats.md

# About the connection between threat intelligence, analysis and modelling
### 🔄 Interplay Overview
|Concept|Role in Cybersecurity|How It Connects to the Others|
|---|---|---|
|**Threat Intelligence**|Collects and delivers data on threats|Feeds raw data into analysis and modelling|
|**Threat Analysis**|Interprets and assesses threat data|Uses intelligence to evaluate risks and impact|
|**Threat Modelling**|Maps out potential attack paths and scenarios|Uses analysis to simulate and prioritize threats|
---
### 🧠 Threat Intelligence → 🔍 Threat Analysis
- Threat intelligence provides **real-time data** on threat actors, malware, vulnerabilities, and attack trends.
- Analysts use this data to **identify patterns**, **assess relevance**, and **prioritize risks** based on the organization's context.
### 🔍 Threat Analysis → 🧩 Threat Modelling
- Analysis helps determine **which threats are most likely and impactful**.
- This guides threat modelling to focus on **realistic attack scenarios**, not just theoretical ones.
### 🧩 Threat Modelling → 🧠 Threat Intelligence
- Threat modelling reveals **gaps in visibility** or **missing threat data**.
- These insights can refine intelligence collection efforts, ensuring more targeted and useful data.
---
### 🛡️ Real-World Example
Imagine a financial institution:
1. **Threat Intelligence** detects a surge in phishing campaigns targeting banking apps.
2. **Threat Analysis** reveals that attackers are exploiting MFA fatigue and targeting mobile users.
3. **Threat Modelling** simulates how these attacks could bypass defenses and identifies weak points in mobile app authentication.
This leads to:
- Updating detection rules.
- Strengthening MFA protocols.
- Training users on phishing awareness.
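
One way the "updating detection rules" outcome could look for the MFA fatigue scenario above, as an added example that is not part of the original file. The log format, field names, time window and threshold are assumptions chosen for illustration, and the events are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs), in chronological order:
# timestamp, user, client, MFA push result. The format is an assumption.
SAMPLE_EVENTS = """\
2024-05-01T09:00:05Z alice mobile push_denied
2024-05-01T09:01:10Z alice mobile push_timeout
2024-05-01T09:03:30Z alice mobile push_denied
2024-05-01T09:04:10Z alice mobile push_approved
2024-05-01T09:10:00Z bob mobile push_timeout
2024-05-01T09:10:20Z bob mobile push_approved
2024-05-01T10:00:00Z carol mobile push_denied
2024-05-01T10:15:00Z carol mobile push_denied
2024-05-01T10:30:00Z carol mobile push_denied
2024-05-01T10:31:00Z carol mobile push_approved
"""

WINDOW = timedelta(minutes=10)  # assumed tuning value
THRESHOLD = 3                   # assumed: rejected prompts that make an approval suspicious
REJECTED = {"push_denied", "push_timeout"}

def parse(line):
    ts, user, client, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, client, result

def detect_mfa_fatigue(text, window=WINDOW, threshold=THRESHOLD):
    """Alert when a user approves a push right after a burst of rejected prompts."""
    recent = defaultdict(deque)  # user -> timestamps of rejected prompts inside the window
    alerts = []
    for line in text.strip().splitlines():
        ts, user, client, result = parse(line)
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in REJECTED:
            q.append(ts)
        elif result == "push_approved":
            if len(q) >= threshold:
                alerts.append({"user": user, "client": client,
                               "rejected": len(q), "approved_at": ts.isoformat()})
            q.clear()  # an approval ends the current burst
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```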
---
Together, these disciplines create a **feedback loop** that strengthens an organization's ability to **predict, prevent, and respond** to cyber threats.