Chapter 6

How Technology Models Operationalize Threat Data

Abstract

Before going out and investing in a cyber-threat capability, we stress the importance of developing an architectural plan to support the mission activities and the type of intelligence needed. This chapter covers to pros and cons of the “build everything” model, the “off-the-shelf” model and final option of combining both ideas.

Keywords

big data

SIM information

log analysis

DLP alerts

After going over the “why” aspect, you were also introduced to a business’ objective to drive a “what” – which is a set of mission activities, and the intelligence or data needs you should have to support activities where the data is sourced internally, externally, or both. In other words, ...

Get How to Define and Build an Effective Cyber Threat Intelligence Capability now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

How to Define and Build an Effective Cyber Threat Intelligence Capability by Henry Dalziel, Eric Olson, James Carnall

How Technology Models Operationalize Threat Data

Abstract

Keywords

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly