Threat Intelligence

Question 1

What is a Security Intelligence ?

Answer 1

The process where data is generated and is then collected, processed, analyzed, and disseminated to provide insights into the security status of
information systems

Question 2

What is Cyber Threat Intelligence ?

Answer 2

Investigation, collection, analysis, and dissemination of information about emerging threats and threat sources to provide data about the external threat landscape.

2 forms of cyber threat intelligence:
● Narrative Reports
● Data Feeds
In cyber security u use both!

Question 3

What are Narrative Reports ?

Answer 3

Are detailed and analytical documents that describe cybersecurity incidents, findings, or investigations in a structured and comprehensible manner.

Used in Cyber Threat Intelligence

Question 4

What is Data Feeds?

Answer 4

continuous, structured data that provide real-time or periodically updated information.

Used in Cyber Threat Intelligence

Question 5

Tell me about Intelligence Cycle

Answer 5

5 steps, like a wheel:
1. Requirements (Planning & Direction)
2. Collection (& Processing)
3. Analysis
4. Dissemination
5. Feedback

Question 6

Tell me about stage 1 of Intelligence Cycle

Answer 6

1. Requirements (Planning & Direction)
   * Sets out the goals for the intelligence gathering effort
   *What do we want to measure and collect?

Question 7

Tell me about stage 2 of Intelligence Cycle

Answer 7

2. Collection (& Processing)
   
   • Implemented by software tools to gather data which is
     then processed for later analysis
   • The processing part is where we will convert all the
     data into a standard format
   • Factors Used to Evaluate Sources: Timeliness,
     Relevancy, Accuracy and Confidence Level.

Question 8

Tell me about stage 3 of Intelligence Cycle

Answer 8

3. Analysis
   
   • Performed against the given use cases from the
     planning phase and may utilize automated analysis,
     AI, and machine learning
   • Sort into three categories: Known good, known bad
     and not sure- it is the not sure we should investigate
     further

Question 9

Tell me about stage 4 of Intelligence Cycle

Answer 9

4. Dissemination
   
   • Publishes information produced by analysts to
     consumers who need to act on the insights developed
     Strategic, Operational and Tactical

Question 10

Tell me about stage 5 of Intelligence Cycle

Answer 10

5. Feedback
   
   • Aims to clarify requirements and improve the
     collection, analysis, and dissemination of information
     by reviewing current inputs and outputs: Lessons
     learned, Measurable success and Evolving threat
     issues

Question 11

To what part of the Intelligence cycle dose Timeliness,
Relevancy, Accuracy and Confidence Level belongs?

Answer 11

2. Collection (& Processing)

Question 12

What dose Timeliness means and where dose it belong?

Answer 12

Ensures an intelligence source is up-to-date

Belongs to the Intelligence cycle - step 2, Collection (& Processing)

Question 13

What dose Relevancy means and where dose it belong?

Answer 13

Ensures an intelligence source matches its intended use case.

Belongs to the Intelligence cycle - step 2, Collection (& Processing)

Question 14

What dose Accuracy means and where dose it belong?

Answer 14

Ensures an intelligence source produces effective results.

Belongs to the Intelligence cycle - step 2, Collection (& Processing)

Question 15

What dose Confidence Level means and where dose it belong?

Answer 15

Ensures an intelligence source produces qualified statements about reliability.

Belongs to the Intelligence cycle - step 2, Collection (& Processing)

Question 16

Tell me about Evaluation of Source Reliability

Answer 16

A table to evaluate the Reliability of the source.
A - F
(A - the source is reliable, F - the source is not confirmed and is NOT reliable)

Question 17

Tell me about Evaluation of Information Content

Answer 17

A table to evaluate the Information Content
1 - 6
(1- The most reliable information , 6 - is not reliable at all )

Question 18

What are the general sources of information?

Answer 18

1. Proprietary
2. Closed-Source
3. Open-Source

Question 19

Tell me about Proprietary information

Answer 19

Threat intelligence is very widely provided as a commercial service offering, where access to updates and research is subject to a subscription fee

Question 20

Tell me about Closed-Source information

Answer 20

Data derived from the provider’s own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers’ systems, suitably anonymized.

Question 21

Tell me about Open-Source information

Answer 21

Data that’s available without subscription, which may include threat feeds, reputation lists, and malware signature databases.

Different sources of open-source intelligence:
US-CERT, UK’s NCSC, AT&T Security (OTX), MISP, VirusTotal, Spamhaus and SANS ISC Suspicious Domains.

Open-Source Intelligence (OSINT)- A method of obtaining information about a person or organization through public records, websites, and social media

Question 22

What kind of information is OSINT ?

Answer 22

Open-Source Intelligence

Question 23

What is the Information Sharing and Analysis Center (ISAC)?

Answer 23

A not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members. like Cyber Security Information Sharing Partnership (CISP) in the UK.

exist in many areas including: Critical Infrastructure, Government, Healthcare , Financial and Aviation (like terror events ).

Question 24

What is a Critical Infrastructure?

Answer 24

Any physical or virtual infrastructure that is considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination of these.

there are 16 of those.

Question 25

What dose Risk Management do?

Answer 25

Identifies, evaluates, and prioritizes threats and vulnerabilities to reduce their negative impact.

Question 26

In the intelligence cycle, where do we put Risk Management ?

Answer 26

4. Dissemination To share other people about a weakness we found. Risk management-Identifies, evaluates, and prioritizes threats and vulnerabilities to reduce their negative impact.

Question 27

What is Vulnerability Management? and where in the intelligence cycle do we put it?

Answer 27

4. Dissemination To share other people about a weakness we found. Vulnerability Management- The practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities

Question 28

Quiz: Which of the following factors evaluates a source to ensure it matches the use case?

Answer 28

Relevancy Relevancy ensures that a source matches its intended use case. Wrong answers: * Timelines ensures an intelligence source is up-to-date. * Accuracy ensures an intelligence source produces effective results. * Confidence Level ensures an intelligence source produces qualified statements about reliability.

Question 29

Quiz: In which phase of the security intelligence cycle is input collected from intelligence producers and consumers to improve the implementation of intelligence requirements?

Answer 29

Feedback The final phase of the security intelligence cycle is feedback and review, which utilizes the input of both intelligence producers and intelligence consumers. The goal of this phase is to improve the implementation of the requirements, collection, analysis, and dissemination phases as the life cycle is developed. Wrong answers: * Collection - pay attention to the q!

Question 30

Quiz: Which level of intelligence is directly used by Security Operations Center (SOC) staff to make real-time decisions in response to system alerts?

Answer 30

Tactical Tactical intelligence refers to the immediate, actionable information necessary for frontline staff, such as SOC analysts, to make decisions about real-time security threats and alerts.

Question 31

What is a Tactical intelligence?

Answer 31

Tactical intelligence refers to the immediate, actionable information necessary for frontline staff, such as SOC analysts, to make decisions about real-time security threats and alerts.

Question 32

What is Operational intelligence?

Answer 32

Operational intelligence Focuses on the ongoing activities and procedures involved in maintaining security, typically used for routine tasks and immediate responses. like what soc using -the program SIEM

Question 33

What is Strategic intelligence?

Answer 33

Strategic intelligence Involves long-term planning and decision-making at the organizational level, addressing overall security posture and resource allocation. like a bullate list

Question 34

What is Analytical intelligence?

Answer 34

Analytical intelligence Relates to the detailed analysis of large data sets to identify patterns, trends, and underlying causes of security issues, supporting informed decision-making for future actions.

Question 35

What is the job of Security engineering?

Answer 35

Security engineering involves **designing, implementing, and maintaining security measures** within systems and networks to protect against threats and vulnerabilities. It encompasses principles, practices, and tools used to build secure infrastructure and applications. Relevance to Threat Intelligence Sharing: Threat intelligence sharing relies on understanding vulnerabilities and attack vectors. Security engineering ensures the systems are resilient enough to incorporate threat intelligence inputs.