Security News > 2020 > June > How to establish a threat intelligence program
"You may collect information on an ongoing or future threat to your organization to include who the threat actor is, what are they going after, what is the tactic they will utilize to get in your network, how are they going to move laterally, how are they going to exfil information and when will the activity take place. You can collect all the relevant threat information but without the infrastructure in place to analyze the large amount of data coming in, the organization will not succeed in successfully orienting themselves and acting upon the threat information," Santiago Holley, Global Threat Intelligence Lead at Thermo Fisher Scientific, told Help Net Security.
Holley has worked in multiple threat intelligence and cyber positions over the past ten years, including a stint as a Threat Intelligence Lead with the FBI, and this allows him to offer some advice to security leaders that have been tasked with setting up a robust threat intelligence program for their organization.
One of the first steps towards establishing a threat intelligence program is to know your risk tolerance and set your priorities early, he says.
"You must put potential threats in terms that are meaningful to your audience such as how much risk a threat poses in terms of potential damage alongside which assets and data are at risk," he explained.
"Many times business managers are focused on generating revenue and may see threat intelligence as an unnecessary expense. It is important for security leaders to communicate risk to their business managers and how those contribute to unnecessary cost and time delays if not addressed."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/QDHpBp3DkqM/