This resource is no longer available
Considerations for Integrating Intelligence into Security Operations
When implementing a plan for integrating cyber intelligence, there’s an inevitable temptation to leverage the abundance of free information available – whether from vendors, news groups or individuals, especially in a climate where security budgets are under pressure, and risks are accelerating. Leading enterprise security teams recognize that the value of intelligence is tied to the accuracy and trustworthiness of the information. Just as damaging as an unmitigated vulnerability is a series of false alarms that cause unnecessary action and distraction from other critical tasks. Organizations are often mandated to stay ahead of this type of information, and are seeking trusted, objective intelligence to identify the select threats that truly matter to their networks. The desired outcome is informed decisions and a sound, cost-effective risk mitigation strategy based on the potential impact that any one threat can have on organizations’ IT assets, sensitive data and critical production systems.
This whitepaper outlines four critical elements of cyber security intelligence that organizations must meet to ensure that the integration of the intelligence will help improve the safety and profitability of enterprises. These elements are:
- How business context can drive the focus for mitigating threats
- The lifecycle of threats
- The impact that accuracy has on intelligence reporting
- The need for an effective threat-response strategy when attacks do penetrate your defenses
Additionally, this paper includes four case studies showcasing the risks of unfiltered and unsubstantiated intelligence and specific questions to ask when determining the best approach for an overall risk-mitigation strategy.