Chapter 6

How Technology Models Operationalize Threat Data


Before going out and investing in a cyber-threat capability, we stress the importance of developing an architectural plan to support the mission activities and the type of intelligence needed. This chapter covers to pros and cons of the “build everything” model, the “off-the-shelf” model and final option of combining both ideas.


big data
SIM information
log analysis
DLP alerts
After going over the “why” aspect, you were also introduced to a business’ objective to drive a “what” – which is a set of mission activities, and the intelligence or data needs you should have to support activities where the data is sourced internally, externally, or both. In other words, ...

Get How to Define and Build an Effective Cyber Threat Intelligence Capability now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.