
Building an Intelligence-Led Security Program by Liska, Allan (eBook)

  • Publisher: Elsevier Reference Monographs
eBook (ePUB)
64,20 €
incl. statutory VAT
Available immediately by download

Available online

Building an Intelligence-Led Security Program

As recently as five years ago, securing a network meant putting in a firewall, intrusion detection system, and installing antivirus software on the desktop. Unfortunately, attackers have grown more nimble and effective, meaning that traditional security programs are no longer effective. Today's effective cyber security programs take these best practices and overlay them with intelligence. Adding cyber threat intelligence can help security teams uncover events not detected by traditional security platforms and correlate seemingly disparate events across the network. Properly-implemented intelligence also makes the life of the security practitioner easier by helping him more effectively prioritize and respond to security incidents. The problem with current efforts is that many security practitioners don't know how to properly implement an intelligence-led program, or are afraid that it is out of their budget. Building an Intelligence-Led Security Program is the first book to show how to implement an intelligence-led program in your enterprise on any budget. It will show you how to implement a security information and event management system, collect and analyze logs, and practice real cyber threat intelligence. You'll learn how to understand your network in-depth so that you can protect it in the best possible way.

  • Provides a roadmap and direction on how to build an intelligence-led information security program to protect your company.
  • Learn how to understand your network through logs and client monitoring, so you can effectively evaluate threat intelligence.
  • Learn how to use popular tools such as BIND, Snort, Squid, STIX, TAXII, CybOX, and Splunk to conduct network intelligence.

Allan Liska has more than 15 years of experience in the world of information security. Mr. Liska has worked both as a security practitioner and an ethical hacker, so he is familiar with both sides of the security aisle and, through his work at Symantec and iSIGHT Partners, has helped countless organizations improve their security posture using more effective intelligence. In addition to security experience, Mr. Liska also authored the book The Practice of Network Security and contributed the security-focused chapters to The Apache Administrators Handbook.


    Format: ePUB
    Copy protection: AdobeDRM
    Pages: 192
    Language: English
    ISBN: 9780128023709
    Publisher: Elsevier Reference Monographs
    Size: 5798 kBytes

Building an Intelligence-Led Security Program

Chapter 2 What is intelligence?


This chapter begins by identifying a useful definition of intelligence before delving into the intelligence cycle and the different types of intelligence. The chapter also discusses the transformation of intelligence into a profession, separated from political influence. It ends by touching on some of the great masters of intelligence throughout the ages.

Keywords: intelligence, intelligence cycle, operational intelligence, tactical intelligence, strategic intelligence, denial and deception, Sun Tzu, Julius Caesar, George Washington, Bletchley Park

Information in this chapter

  • Defining Intelligence
  • The Intelligence Cycle
  • Types of Intelligence
  • The Professional Analyst
  • Denial and Deception
  • Intelligence Throughout the Ages

Introduction

Intelligence is just starting to come into its own within the realm of cyber security, but intelligence as a discipline has a long history in the world of the military and government. In fact, intelligence has existed since before it was a formalized discipline. As discussed later in this chapter, leaders like Sun Tzu and Julius Caesar had very rigorous and well-documented intelligence processes that they followed. These processes contributed greatly to their success - and allowed other leaders to learn from them. Likewise, today there are many security teams that, knowingly or unknowingly, engage in many of the best intelligence practices. But most of the time, intelligence practices are haphazardly implemented without an eye to the big picture.

The goal of this chapter is to help the reader understand some of the best intelligence practices outside of the realm of network security. By first understanding the fundamentals of intelligence, as a discipline, organizations can take the best practices and use those practices to improve the effectiveness of the network security teams. A single chapter is not enough to cover all aspects of the intelligence discipline, or to dive deeply into any one topic. Instead, the hope is to start a discussion about changing the way network security is thought of within an organization and improve the ability of teams to effectively address the most important challenges facing their organization.

Defining intelligence

Despite the fact that the military and governments have engaged in intelligence activities for thousands of years, there is surprisingly little consensus about the definition of intelligence. A quick review of literature shows a range of definitions, none of which seems complete. The CIA defines intelligence as (CIA, 1999):
Reduced to its simplest terms, intelligence is knowledge and foreknowledge of the world around us - the prelude to decision and action by US policymakers.
On the other hand, the FBI uses the following definition (FBI, 2014):
Simply defined, intelligence is information that has been analyzed and refined so that it is useful to policymakers in making decisions - specifically, decisions about potential threats to our national security.
The Department of Defense (DOD) defines intelligence as (DOD, 2014):
The product resulting from the collection, processing, integration, evaluation, analysis, and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements, or areas of actual or potential operations.
The FBI and DOD definitions of intelligence view intelligence as either a product or a proce
