

  1. Cyber Threat Intelligence in Government: A guide for decision makers and analysts - This is an interesting read on how to set up a CTI function and run it so that it delivers actionable intelligence to the organisation. Note that this report/guide is tailored for the UK government. The general principles and information apply, such as how to deliver a CTI capability, how to set a CTI strategy, what a CTI function should deliver, how that content should be delivered and how to effectively resource a capability. The report covers the value of creating a CTI function and the steps to create this function. It shares recommended templates too. Next, it goes into detail on each of the 5 stages of the CTI lifecycle. (a) Direction: Steps to define and set the strategy and requirements for the CTI team through a Cyber Threat Assessment. (b) Collection: Collect data manually or through automation. (c) Processing: Reputation, relevance and quality of the information. (d) Analysis: Present and tailor actionable intelligence to the audience, and produce threat actor reports. (e) Dissemination: Disclosure of reports to internal and external parties with proper security classification. Once the CTI function has been set up, continuous improvement is required through deliverable metrics to measure the quality of products and KPIs. The last section covers the structure of a CTI team and their key responsibilities, as well as manpower resources and training.
