Presentation is loading. Please wait.

Presentation is loading. Please wait.

A quick glace at Intelligence Led Risk Management

Published byGustaaf van de Velde Modified over 5 years ago

Similar presentations

Presentation on theme: "A quick glace at Intelligence Led Risk Management"— Presentation transcript:

1 A quick glace at Intelligence Led Risk Management
Threat Intelligence A quick glace at Intelligence Led Risk Management

2 A brief history of me…… Former Child Former Military Police NCO
Former Military Intelligence NCO Former Bus Driver – got into InfoSec 5 years ago Worked for DXC on the MoD Contract Worked at Auriga Consulting on the Nuclear Decommissioning Authority contract Worked at Virgin Money in 2nd Line Risk Currently working for Infinium as an IT Security Specialist RNLI volunteer All round “good egg”

3 Agenda What is “Threat intelligence”
Information, Misinformation, Intelligence and Actionable Intelligence What's the difference between information and intelligence What does threat intelligence mean to business? Threat Intelligence & Risk Management Techniques, tactics and procedures (TTPs) Symmetric TTPs in digital business Asymmetric TTPs in digital business Application of Intelligence led risk management in digital business Conclusions Questions

4 Threat Intelligence Utilisation

5 What is Threat Intelligence?
Threat intelligence is inferred, evidence-based knowledge including context, mechanisms, indicators, implications and actionable advice about an existing or emerging threat or hazard to assets. It can be used to inform decisions regarding the subject's deployment of countermeasures or response to that hazard or threat or target adversarial assets. If its Done Well!

6 Intelligence Terminology
Information Misinformation Intelligence Actionable Intelligence

7 Information vs Intelligence

8 Intelligence Tools Intelligence Collection Plans PoL Analysis
Link Analysis F3EA Money Tracing OSINT Tools Forming a working Hypothesis Murder groups (its not what you think)

9 Intelligence Products

10 Threat Intelligence in the Business World
Threat Intelligence will identify, categorise and draw recommendations in relation to threats from a number of malicious sources A robust business threat intelligence program, done well, will assist with strategic decisions affecting any number of business critical processes

11 Threat Intelligence in Risk Management
Ad – Hoc Threat Based Formal Risk Management Frameworks Intelligence Led………………….?

12 Intelligence Led Risk Management

13 Tactics, Techniques & Procedures
TTPs How we think How we carry out actions What we like Routes we take Places we go to Places we avoid People we avoid Things we wear People we interact with Our Loyalties Our Ideals Things we eat Things we admire Our Ideology Language we use What we dislike

14 Symmetric TTPs Supported Live Environment Malicious Actor Environment
Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Malicious Actor Environment Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset

15 Asymmetric TTPs Supported Live Environment Malicious Actor Environment
Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Malicious Actor Environment Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Compromise of Environment Ineffective Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset

16 Deploy countermeasures
Apply Intelligence Process Understand your defensive capabilities Understand your Vulnerabilities Know your Foe Understand your infrastructure Protect

17 Conclusions Threat intelligence should be at the forefront of everything we do Threat Intelligence is the processing of information into actionable intelligence Intelligence Led Risk Management can save significant sums of money by applying budget only where it is required The key to effective threat intelligence is understanding our estate, vulnerabilities, adversaries and countermeasures Understanding adversarial asymmetric TTPs is vital to understanding which exploits pose most the significant risk Intelligence Led Risk management could be the single most effective means of managing risk to any organisation….. If its done well!

18 Questions. The Fewer you ask, the quicker we’re in the pub……
Questions? The Fewer you ask, the quicker we’re in the pub…….. #justsayin

Download ppt "A quick glace at Intelligence Led Risk Management"

Similar presentations

Disaster Management Civil-Military Coordination

Disaster Management Civil-Military Coordination
Air Force Core Functions

Air Force Core Functions
THE FOLLOWING MINI PRESENTATION ON OPSEC IS TAKEN FROM A US AIR FORCE BRIEFING. ALTHOUGH THIS IS A MILITARY PRESENTATION, IT PROVIDES A GOOD OVERVIEW OF.

THE FOLLOWING MINI PRESENTATION ON OPSEC IS TAKEN FROM A US AIR FORCE BRIEFING. ALTHOUGH THIS IS A MILITARY PRESENTATION, IT PROVIDES A GOOD OVERVIEW OF.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.

Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
1 Rules for the Use of Force in Military Law Enforcement and Security Duties.

1 Rules for the Use of Force in Military Law Enforcement and Security Duties.
Effective Design of Trusted Information Systems Luděk Novák,

Effective Design of Trusted Information Systems Luděk Novák,
Recognising the Risks of Cyber Threats Across the Organisation John Thornton Secretary to the Digital Government Security Forum.

Recognising the Risks of Cyber Threats Across the Organisation John Thornton Secretary to the Digital Government Security Forum.
Building a Threat Intel Team Ryan Olson Director of Threat Intelligence October, 2014.

Building a Threat Intel Team Ryan Olson Director of Threat Intelligence October, 2014.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.
National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,

National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
November 2008 Michael Smith (SAIC) Steve Lockwood (PB Consult) NCHRP Project SP20-59 (17) CAPTA Costing Asset Protection: An All Hazards Guide for Transportation.

November 2008 Michael Smith (SAIC) Steve Lockwood (PB Consult) NCHRP Project SP20-59 (17) CAPTA Costing Asset Protection: An All Hazards Guide for Transportation.
Technician Module 2 Unit 8 Slide 1 MODULE 2 UNIT 8 Prevention, Intelligence & Deterrence.

Technician Module 2 Unit 8 Slide 1 MODULE 2 UNIT 8 Prevention, Intelligence & Deterrence.
The National Intelligence Model (NIM)

The National Intelligence Model (NIM)
Operations Security (OPSEC) 301-371-1050. Introduction  Standard  Application  Objectives  Regulations and Guidance  OPSEC Definition  Indicators.

Operations Security (OPSEC) Introduction  Standard  Application  Objectives  Regulations and Guidance  OPSEC Definition  Indicators.
Process for Analysis  Choose a standard / type  Qualitative / Quantitative Or  Formal / Informal  Select access controls  Match outcome to project.

Process for Analysis  Choose a standard / type  Qualitative / Quantitative Or  Formal / Informal  Select access controls  Match outcome to project.
1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.

1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.
Operational Security PCC. VII-F.1.

Operational Security PCC. VII-F.1.

Similar presentations

Ads by Google