book

How to Define and Build an Effective Cyber Threat Intelligence Capability

by Henry Dalziel, Eric Olson, James Carnall

December 2014

Intermediate to advanced

42 pages

57m

English

Syngress

Read now

Unlock full access

Cover
Title page
Table of Contents
Copyright
Author Biography
Contributing Editors' Biography
Chapter 1: Introduction
Abstract
Chapter 2: A Problem Well-Defined is Half-Solved
Abstracts2.1. Data feeds vs. intelligence2.2. Defining threat intelligence
Chapter 3: Defining Business Objectives or “Start with Why”
Abstract3.1. When defining business objectives, language matters
Chapter 4: Common Objectives of a Threat Intelligence Program
Abstract4.1. Once you have your why...

Chapter 5: Translating Objectives into Needs, or “Why Drives What”
Abstract5.1. Illustration: translating the objective into concrete intelligence needs
Chapter 6: How Technology Models Operationalize Threat Data
Abstract6.1. How- labor options or “how much do I do myself?”6.2. Implementation – the best laid plans
Chapter 7: Who: Given Why, What, and How, Now You Can Ask Where To Get It
Abstract7.1. Reporting and management communication7.2. Defining and articulating budget needs
Chapter 8: Conclusion and Recap
Abstract

Content preview from How to Define and Build an Effective Cyber Threat Intelligence Capability

Chapter 6

How Technology Models Operationalize Threat Data

Abstract

Before going out and investing in a cyber-threat capability, we stress the importance of developing an architectural plan to support the mission activities and the type of intelligence needed. This chapter covers to pros and cons of the “build everything” model, the “off-the-shelf” model and final option of combining both ideas.

Keywords

big data

SIM information

log analysis

DLP alerts

After going over the “why” aspect, you were also introduced to a business’ objective to drive a “what” – which is a set of mission activities, and the intelligence or data needs you should have to support activities where the data is sourced internally, externally, or both. In other words, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Insider Threat: A Guide to Understanding, Detecting, and Defending Against the Enemy from Within

Publisher Resources

ISBN: 9780128027301

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design