Consulting, training, design, implementation, maintenance and development of Cyber Security Management Systems and Independent or Integrated Systems for Quality Management (ISO 9001), Information Security Management (ISO 27001), IT Service Management (ISO 20000-1), Business Continuity Management (ISO 22301), EU Global Data Protection Regulaton (GDPR) Contacts: +359 886 655 315; infosecservicebg@gmail.com; http://infosecservicebg.wix.com/study-security
Translate
петък, 26 юни 2015 г.
Кибер разузнаване - стратегическо ниво за действие
INTELLIGENCE AND NATIONAL SECURITY ALLIANCE CYBER INTELLIGENCE (INSA) TASK FORCE - USA
MARCH 2014
www.insaonline.org | 703.224.4672
STRATEGIC CYBER INTELLIGENCE
CYBER INTELLIGENCE TASK FORCE WHITE PAPER SYNOPSIS
The Intelligence and National Security Alliance (INSA) Cyber Intelligence Task Force defined the strategic, operational, and tactical levels of Cyber Intelligence in its white paper The Operational Levels of Cyber Intelligence. While much attention has been directed towards the tactical, on-the-network cyber domain, this paper contends that not enough resources have been devoted to strategic cyber intelligence. The fundamental purpose of this white paper is to promote thought and dialogue on the importance of cyber intelligence, and specifically strategic cyber intelligence, to senior leaders’ risk-informed decision making, ultimately leading to improved strategy, policy, architecture, and investment.
The paper discusses the:
• Nexus between strategic cyber intelligence and risk management in relation to strategic cyber intelligence consumer and producer roles and responsibilities.
• Role of strategic cyber intelligence analysis based upon the National Institute of Standards and Technology (NIST) risk assessment methods: vulnerability-based, threat-based, and impact-based.
• Inextricable linkage between intelligence production and information sharing.
Strategic Cyber Intelligence offers senior leaders an accurate assessment of how to direct cyber-related expenses in line with an organization’s risk heuristic. Leveraging Strategic Cyber Intelligence to address strategic information requirements allows an organization to:
• Effectively assess, explain, and quantify risk to senior management and other key stakeholders.
• Collaborate in a more meaningful manner with members of law enforcement, defense organizations, the intelligence community, and the information security community on interests at large.
• Demonstrate an appropriate standard of diligence to auditors, regulators, and stakeholders.
• Reduce the exposure of the business to regulatory or legal sanctions.
• Demonstrate responsible security resource expenditure by defending not just what is important to the firm but what is relevant to the threat.
The ultimate goal of a such a program is to reduce risk to an organization’s critical mission and assets. It enables senior leadership to make informed decisions and proactively defend the enterprise. To succeed in the cyber domain in 2014 and beyond, strategic cyber intelligence will play a crucial role in defending private companies and government sectors by providing the necessary intelligence to prevent potential incidents that could cripple our security as well as our economy.
Връзка за достъп да целия документ:
http://www.insaonline.org/i/d/a/Resources/StrategicCyber.aspx
Абонамент за:
Коментари за публикацията (Atom)
Няма коментари:
Публикуване на коментар