Кибер разузнаване - стратегическо ниво за действие

INTELLIGENCE AND NATIONAL SECURITY ALLIANCE CYBER INTELLIGENCE (INSA) TASK FORCE - USA

MARCH 2014
 www.insaonline.org | 703.224.4672

STRATEGIC CYBER INTELLIGENCE

CYBER INTELLIGENCE TASK FORCE WHITE PAPER SYNOPSIS 

The Intelligence and National Security Alliance (INSA) Cyber Intelligence Task Force defined the strategic, operational, and tactical levels of Cyber Intelligence in its white paper The Operational Levels of Cyber Intelligence. While much attention has been directed towards the tactical, on-the-network cyber domain, this paper contends that not enough resources have been devoted to strategic cyber intelligence. The fundamental purpose of this white paper is to promote thought and dialogue on the importance of cyber intelligence, and specifically strategic cyber intelligence, to senior leaders’ risk-informed decision making, ultimately leading to improved strategy, policy, architecture, and investment. 

The paper discusses the: 
• Nexus between strategic cyber intelligence and risk management in relation to strategic cyber intelligence consumer and producer roles and responsibilities. 
• Role of strategic cyber intelligence analysis based upon the National Institute of Standards and Technology (NIST) risk assessment methods: vulnerability-based, threat-based, and impact-based. 
• Inextricable linkage between intelligence production and information sharing. 

Strategic Cyber Intelligence offers senior leaders an accurate assessment of how to direct cyber-related expenses in line with an organization’s risk heuristic. Leveraging Strategic Cyber Intelligence to address strategic information requirements allows an organization to: 
• Effectively assess, explain, and quantify risk to senior management and other key stakeholders. 
• Collaborate in a more meaningful manner with members of law enforcement, defense organizations, the intelligence community, and the information security community on interests at large. 
• Demonstrate an appropriate standard of diligence to auditors, regulators, and stakeholders.
 • Reduce the exposure of the business to regulatory or legal sanctions. 
• Demonstrate responsible security resource expenditure by defending not just what is important to the firm but what is relevant to the threat. 

The ultimate goal of a such a program is to reduce risk to an organization’s critical mission and assets. It enables senior leadership to make informed decisions and proactively defend the enterprise. To succeed in the cyber domain in 2014 and beyond, strategic cyber intelligence will play a crucial role in defending private companies and government sectors by providing the necessary intelligence to prevent potential incidents that could cripple our security as well as our economy.

Връзка за достъп да целия документ:
http://www.insaonline.org/i/d/a/Resources/StrategicCyber.aspx