Sunday, March 27, 2016

What is FAIR?

FAIR is a risk assessment tool that creates a threat model based on past experiences, current trends, and the value of current assets. It identifies risk by using penetration testing and security exercises that are on par with today's threats, and delivers a well-informed risk analysis.

Here are some other features of FAIR:
- Intelligence Gathering: in both human and non-human form
- Business Process Mapping: identify critical business processes to be used in threat modeling/planning
- Asset Mapping: the value of each current asset and the cost to replace it
- Vulnerability and Exposure Analysis: finding a list of vulnerabilities from various points and identifying the countermeasures
- Threat Modeling: identify the threat and its success rate in attacking the asset
- Data Flow Protection Analysis: analysis of all communication (data, voice, image, and physical) to find any incorrect data flow
- Risk Modeling: assign a quantitative value to each risk based on its liability and frequency
- What-If Modeling: analyzing the organization's future landscape (such as a merger) to aid organizational decision making

Read More: http://www.optimalrisk.com/Cyber-Security/FAIR-Methodology

Sunday, March 20, 2016

Becoming a Cyber Intelligence Analyst

What is the role of a Cyber Intelligence Analyst? What type of skills are needed? What should the analyst provide?

Analysts have to dig through a lot of information and noise to get intelligence. Once the intelligence is obtained, they need to deliver a report. A common method is Bottom Line Up Front (BLUF), which lets readers find what the report is about in about 10 seconds. The report should also include important details gathered from the intelligence system and, lastly, an opinion from the analyst.

Skills Needed:
- Technical Writing: this skill is developed over time
- Analysis Skill: this skill can be sharpened by understanding human psychology, thinking like an attacker, and asking questions like: How will the attacker attack? What is the process? What is the goal? What are the tools?

Traits of a Good Analyst:
- Be a technical expert in your field and identify which intel is good and which is bad.
- Have knowledge about your customers/organization.
- Be able to grab info from other resources like blogs, books, and threat feeds.
- Use any source of information, such as firewall logs, Intrusion Detection System logs, digital forensic analysis, the reverse engineering of malware, open source Internet searches, honeypots, and more.
- Be able to process large amounts of data and think critically.

Source: http://www.tripwire.com/state-of-security/security-data-protection/developing-cyber-intelligence-analyst-skills/




Sunday, March 13, 2016

Recorded Future Helping Organization in Cyber World

The web is complex and is divided into three layers:
  • World Wide Web: Surface layer, public, easily accessible
  • Deep Web: Not searchable, dynamic, private, ephemeral
  • Dark Web: Custom protocols, legal issues
There is a lot of information out on the web, and some of it, such as on the dark web, might even be risky to access. The aim is to gain intelligence and assess how threats impact Your Company, Your Industry, and Your Internet.

Look at these goals for your Company first, in order to avoid immediate issues:
  1. Direct risk (targeted or named; institutional vulnerabilities)
  2. Indirect risk (vendor, service, or technology dependencies)
  3. Actors, campaigns, tools, or tactics that targeted your company or sector
  4. Internal inquiry (leadership, corp communications, or technical areas)
One can find trends in their Industry, find out whether a threat is already present at other companies, and investigate whether the threat is:
  1. Affecting multiple companies in your sector
  2. Affecting a large company or leader in your sector
  3. Affecting a direct peer (by market size, holdings, or geography)
One can even check whether a threat is brewing by doing some research on the Internet and checking for these signs:
  1. Mass campaign (widespread, significant volume, or high level of success)
  2. Has, or expected to have, significant media attention (inquiries expected)
  3. New or significant actors, campaigns, tools, or tactics
Recorded Future is one of the tools that helps ask these questions and set goals regarding possible risks or threats to the organization. Recorded Future helps companies:
- Turn intelligence objectives into intelligent decisions
- Apply Open Source Intelligence (OSINT) to prioritize threats
- Save time and money by using threat intelligence capabilities


Read more:
https://www.recordedfuture.com/finance-threat-intelligence-goals/

Sunday, March 6, 2016

Strategic, Operational, Tactical Matrix

We all know three roles in the intelligence area: Strategic, Operational, and Tactical. Let us explore the goal of each of these roles and some of the attributes attached to each:

Strategic: This role revolves around the big picture, planning and making organizational decisions with the future in mind. Here you only want to know what the current threats are, or whether there is a threat present in a location where we are going to open a new office.

Operational: This role is all about making decisions based on the intelligence you have at hand and explaining why each decision was made in that way. To make a decision you need to prioritize the task at hand, have enough context about the task (in order to answer any questions), and then take proper action.

Tactical: This role is the most technical of them all and belongs to the security team members. In this role the team members are responsible for maintaining the security systems and keeping track of what is new in the security realm. This role is also responsible for finding indicators such as IPs, hashes, and email titles, and feeding them to the security system.
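One way a tactical team might normalize raw indicators before feeding them to a security system, as an added example that is not from the original post or the linked article. The function names, the `Subject:` prefix convention for email titles, and the sample values are assumptions constructed for illustration.

```python
import ipaddress
import re

# Hex digest lengths of the hash types most often seen in indicator feeds.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# Internal ranges are listed explicitly (not via is_global) because the
# constructed sample below uses documentation-range addresses.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def refang(value):
    """Undo the 'defanging' commonly applied when indicators are shared in reports."""
    return value.strip().replace("[.]", ".").replace("(.)", ".")

def classify(raw):
    """Return (type, normalized_value) for one raw indicator, or None if unusable."""
    value = refang(raw)
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        # Internal addresses would flag the organization's own hosts.
        if any(ip in net for net in INTERNAL_NETS):
            return None
        return ("ip", str(ip))
    if HEX_RE.match(value) and len(value) in HASH_LENGTHS:
        return (HASH_LENGTHS[len(value)], value.lower())
    # Assumed convention: email titles arrive prefixed with "Subject:".
    if value.lower().startswith("subject:"):
        return ("email_subject", value[len("subject:"):].strip())
    return None

def build_feed(raw_indicators):
    """Classify, drop unusable values, and de-duplicate while keeping order."""
    feed, seen = [], set()
    for raw in raw_indicators:
        item = classify(raw)
        if item is not None and item not in seen:
            seen.add(item)
            feed.append(item)
    return feed

# Constructed sample input: documentation-range IP, MD5 of the empty string.
SAMPLE = ["203.0.113[.]7", "203.0.113.7", "192.168.1.10",
          "D41D8CD98F00B204E9800998ECF8427E", "Subject: Invoice overdue", "n/a"]
```

Calling `build_feed(SAMPLE)` collapses the defanged and plain copies of the same IP into one entry and drops the internal address and the unrecognized value.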

Here is a matrix that summarizes each of these roles:

[Image: table summarizing the Strategic, Operational, and Tactical roles]

Read more: http://www.isightpartners.com/2015/04/thoughts-from-rsa-improving-it-all-strategic-operational-tactical-with-cyber-threat-intelligence/