We’ve done a great series of posts explaining the cyber risk intelligence process. I wanted to take a moment and put it all together in summary form:
- Take the time to identify your assets. The more you document, the better off you will be.
- Create a list of scenarios — the things you absolutely cannot allow to happen.
- Identify the actions an adversary would take as it moved towards executing an attack against you. We call this an indicator list.
- Do all you can to understand what is going on in the external threat environment.
- Match your feeds from the external threat environment against your internal list of assets.
- Check the “matches” you observe against your indicator list. Monitor for “indicator progression”.
- Warn your boss when the evidence is beginning to mount — but when you still have time to mitigate.
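
The matching, indicator-progression and warning steps above can be sketched in a few lines of Python. This is an added illustration, not code from the original series; the asset names, scenario, indicator wording, feed items and the 50% warning threshold are all constructed assumptions.

```python
# Added illustration: all names, sample data and the threshold are constructed.

ASSETS = {"vpn-gateway", "payroll-db", "mail-server"}  # constructed asset inventory

# Scenario -> indicator list (adversary actions on the way to that scenario).
INDICATORS = {
    "payroll data theft": [
        "reconnaissance of asset",
        "credentials for asset offered for sale",
        "exploit for asset published",
        "active exploitation reported",
    ],
}

# Constructed external feed items: (asset mentioned, observed adversary action).
FEED = [
    ("payroll-db", "reconnaissance of asset"),
    ("print-server", "exploit for asset published"),  # not our asset: dropped
    ("payroll-db", "credentials for asset offered for sale"),
    ("payroll-db", "exploit for asset published"),
]

WARN_AT = 0.5  # assumption: warn once half of a scenario's indicators are seen


def match_feed(feed, assets):
    """Keep only the feed items that mention an asset we actually own."""
    return [(asset, action) for asset, action in feed if asset in assets]


def progression(matches, indicators):
    """Per scenario, the fraction of its indicator list observed in the matches."""
    seen = {action for _, action in matches}
    return {
        scenario: sum(ind in seen for ind in inds) / len(inds)
        for scenario, inds in indicators.items()
    }


def warnings(feed, assets=ASSETS, indicators=INDICATORS, warn_at=WARN_AT):
    """Scenarios where evidence is mounting but the last indicator is not yet seen."""
    prog = progression(match_feed(feed, assets), indicators)
    return sorted(s for s, p in prog.items() if warn_at <= p < 1.0)


if __name__ == "__main__":
    for scenario in warnings(FEED):
        print("WARN:", scenario)
```

With the sample feed, three of the four indicators for the scenario are matched against an owned asset, so it is flagged while the final indicator is still outstanding.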