Index

Practical Cyber Intelligence

Front matter
  • Title Page
  • Copyright and Credits
  • Dedication
  • Packt Upsell
    • Why subscribe?
    • PacktPub.com
  • Contributors
    • About the author
    • About the reviewer
    • Packt is searching for authors like you
  • Preface
    • Who this book is for
    • What this book covers
    • To get the most out of this book
      • Download the color images
      • Conventions used
    • Get in touch
      • Reviews

The Need for Cyber Intelligence
  • Need for cyber intelligence
  • The application of intelligence in the military
    • Intel stories in history
      • The American Revolutionary War
      • Napoleon's use of intelligence
    • Some types of intelligence
      • HUMINT or human intelligence
      • IMINT or image intelligence
      • MASINT or measurement and signature intelligence
      • OSINT or open source intelligence
      • SIGINT or signals intelligence
      • COMINT or communications intelligence
      • ELINT or electronic intelligence
      • FISINT or foreign instrumentation signals intelligence
      • TECHINT or technical intelligence
      • MEDINT or medical intelligence
      • All source intelligence
  • Intelligence drives operations
    • Putting theory into practice isn't simple
  • Understanding the maneuver warfare mentality
    • Follow the process, the process will save you
    • What is maneuver warfare?
      • Tempo
      • The OODA Loop
      • Center of gravity and critical vulnerability
      • Surprise – creating and exploiting opportunity
      • Combined arms – collaboration
      • Flexibility
      • Decentralized command
  • Summary

Intelligence Development
  • The information hierarchy
  • Introduction to the intelligence cycle
    • The intelligence cycle steps
      • Step 1 – Planning and direction
        • Requirements development
        • Requirements management
        • Directing the intelligence effort
        • Requirements satisfaction
        • Planning the intelligence support system
      • Step 2 – Collection
      • Step 3 – Processing
      • Step 4 – Analysis and Production
      • Step 5 – Dissemination
        • Methods
        • Channels
        • Modes
        • Dissemination architecture
      • Step 6 – Utilization
  • Summary

Integrating Cyber Intel, Security, and Operations
  • A different look at operations and security
  • Developing a strategic cyber intelligence capability
    • Understanding our priorities
      • The business architecture
      • The data/application architecture
      • Technology architecture
      • Application of the architectures and cyber intelligence
    • A look at strategic cyber intelligence – level 1
  • Introduction to operational security
    • OPSEC step 1 – identify critical information
    • OPSEC step 2 – analysis of threats
    • OPSEC step 3 – analysis of vulnerabilities
    • OPSEC step 4 – assessment of risk
    • OPSEC step 5 – application of appropriate countermeasures
  • OPSEC applicability in a business environment
  • Cyber intel program roles
    • Strategic level – IT leadership
    • Strategic level – cyber intelligence program officer
    • Tactical level – IT leadership
    • Tactical level – cyber intelligence program manager
    • Operational level – IT leadership
    • Operational level – cyber intelligence analysts
  • Summary

Using Cyber Intelligence to Enable Active Defense
  • An introduction to Active Defense
  • Understanding the Cyber Kill Chain
  • General principles of Active Defense
    • Active Defense – principle 1: annoyance
    • Active Defense – principle 2: attribution
  • Enticement and entrapment in Active Defense
    • Scenario A
    • Scenario B
  • Types of Active Defense
    • Types of Active Defense – manual
    • Types of Active Defense – automatic
  • An application of tactical level Active Defense
  • Summary

F3EAD for You and for Me
  • Understanding targeting
  • The F3EAD process
  • F3EAD in practice
  • F3EAD and the Cyber Kill Chain
    • Cyber Kill Chain and OODA loop
    • Cyber Kill Chain and OPSEC
    • Cyber Kill Chain and the intelligence cycle
    • Cyber Kill Chain and F3EAD
  • Application of F3EAD in the commercial space
  • Limitations of F3EAD
  • Summary

Integrating Threat Intelligence and Operations
  • Understanding threat intelligence
  • Capability Maturity Model – threat intelligence overview
    • Level 1 – threat intelligence collection capability
      • Phase initial
        • Example 1 – Open Threat Exchange – AlienVault
        • Example 2 – Twitter
        • Example 3 – Information Sharing and Analysis Centers
        • Example 4 – news alert notifications
        • Example 5 – Rich Site Summary feeds
      • Phase A
        • Example 1 – Cisco – GOSINT platform
        • Example 2 – The Malware Information Sharing Platform project
      • Phase B
      • Phase C
    • Level 2 – Threat Information Integration
      • Phase initial
      • Phase A
        • Categorization of items that are applicable to multiple teams
      • Phase B
      • Phase C
  • Summary

Creating the Collaboration Capability
  • Purpose of collaboration capability
    • Formal communications
    • Informal communications
    • Communication and cyber intelligence process
    • Methods and tools for collaboration
      • Service level agreements and organizational level agreements
      • Responsible, accountable, supporting, consulted, informed (RASCI) matrix
      • Using key risk indicators
  • Collaboration at the Strategic Level
    • Executive support
    • Policies and procedures
    • Architecture
    • Understanding dependencies
      • Prioritized information
      • Intelligence aggregation
      • Intelligence reconciliation and presentation
  • Collaboration at the Tactical Level
    • Breaking down priority information requirements
    • Application of the theory
    • Theory versus reality
    • Creating the tactical dashboard
  • Collaboration at the Operational Level
  • Summary

The Security Stack
  • Purpose of integration – it's just my POV
  • Core security service basics
  • Security Operations Center
    • The spider
    • Capabilities among teams
  • Capability deep dive – Security Configuration Management
    • Security Configuration Management – core processes
    • Security Configuration Management – Discovery and Detection
    • Security Configuration Management – Risk Mitigation
    • Security Configuration Management – Security State Analysis
    • Security Configuration Management – Data Exposure and Sharing
  • Prelude – integrating like services
  • Integrating cyber intel from different services
    • Overview – red team methodology
    • Red team – testing methods
      • White box
      • Gray box
      • Black box
    • Red team constraints
    • Red team – graphical representation
    • Data integration challenges
      • The end user perspective
      • The service level perspective – cyber intelligence – Data Exposure and Sharing
      • The SOC perspective
  • Capability Maturity Model – InfoSec and cyber intel
    • Capability Maturity Model – InfoSec and cyber intel – initial phase
    • Capability Maturity Model – InfoSec and cyber intel – Phase A
    • Capability Maturity Model – InfoSec and cyber intel – Phase B
    • Capability Maturity Model – InfoSec and cyber intel – Phase C
  • Collaboration + Capability = Active Defense
  • Summary

Driving Cyber Intel
  • The gap
  • Another set of eyes
    • The logic
      • Event
      • Incident
    • Mapping events and incidents to InfoSec capabilities
  • Capability Maturity Model – security awareness
    • Capability Maturity Model – security awareness – Phase Initial
    • Capability Maturity Model – security awareness – Phase A
    • Capability Maturity Model – security awareness – Phase B
    • Capability Maturity Model – security awareness – Phase C
    • Capability Maturity Model – security awareness – Phase C+
  • Just another day part 1
  • Summary

Baselines and Anomalies
  • Setting up camp
  • Baselines and anomalies
  • Continuous monitoring – the challenge
    • Part 1
    • Part 2
    • Part 3
  • Capability Maturity Model – continuous monitoring overview
    • Level 1 – phase A
    • Level 1 – phase B
    • Level 1 – phase C
  • Capability Maturity Model – continuous monitoring level 2
    • Scenario 1 – asset management/vulnerability scanning asset inventory
      • Phase initial
        • Information gathering
        • Developing possible solutions
      • Phase A
        • Procedure RASCI (example)
      • Phase B
        • Regional data centers
        • Local office environment
      • Phase C
    • Scenario 2 – security awareness/continuous monitoring/IT helpdesk
      • Phase initial
        • Information gathering
        • Developing possible solutions
      • Phase A
        • Procedure RASCI (example)
      • Phase B and C – sample questions
  • Just another day part 2
  • Summary

Putting Out the Fires
  • Quick review
  • Overview – incident response
    • Preparation and prevention
    • Detection and analysis
    • Containment, eradication, and recovery
    • Post-incident activity
    • Incident response process and F3EAD integration
    • Intelligence process tie-in
  • Capability Maturity Model – incident response
    • Initial phase
    • Phase A
    • Phase B
    • Phase C
  • Summary

Vulnerability Management
  • A quick recap
  • The Common Vulnerability Scoring System calculator
    • Base metric group
    • Temporal metric group
    • Environmental metric group
    • CVSS base scoring
    • Metrics madness
  • Vulnerability management overview
  • Capability Maturity Model: vulnerability management – scanning
    • Initial phase
    • Phase A
    • Phase B
    • Phase C
  • Capability Maturity Model: vulnerability management – reporting
    • Initial phase
    • Phase A
    • Phase B
    • Phase C
  • Capability Maturity Model: vulnerability management – fix
    • Initial phase
    • Phase A
    • Phase B
    • Phase C
  • Summary

Risky Business
  • Risk overview
    • Treating risk
    • Risk tolerance and risk appetite
  • Labeling things platinum, gold, silver, and copper
    • Differentiating networks
  • Taking a different look at risk
    • Review of threat intelligence integration
    • Capability Maturity Model: risk phase – initial
      • Improving risk reporting part 1
    • Capability Maturity Model: risk phase – final
      • Improving risk reporting part 2
  • Open source governance, risk and compliance tools
    • Binary Risk Assessment
    • STREAM cyber risk platform
    • Practical threat analysis for information security experts
    • SimpleRisk
    • Security Officers Management and Analysis Project
  • Summary

Assigning Metrics
  • Security configuration management
    • Developing the risk score
    • Working in key risk indicators
  • Summary

Wrapping Up
  • Just another day part 3
  • Lessons learned

Other Books You May Enjoy
  • Leave a review – let other readers know what you think