Cyber threat information is any information that can help an organization identify, assess, monitor, and respond to cyber threats. Organizations that share cyber threat information can improve their own security postures as well as those of other organizations. ITGCSI provides guidance for establishing and participating in cyber threat information sharing relationships. This guidance helps organizations establish information sharing goals, identify cyber threat information sources, scope information sharing activities, develop rules that control the publication and distribution of threat information, engage with existing sharing communities, and make effective use of threat information in support of the organization’s overall cybersecurity practices.
What is threat intelligence in cyber security?
Threat intelligence, or cyber threat intelligence, is information an organization uses to understand the threats that have, will, or are currently targeting the organization. This info is used to prepare, prevent, and identify cyber threats looking to take advantage of valuable resources
Five Tips to Choose the Right Intelligence Sharing Option
If you decide to reap the benefits of threat intelligence sharing, these five tips will help you choose the right solution for your organization.
As described earlier, a variety of different types of threat sharing options are available. Consider whether you have the budget available to use one or more paid subscription services, or whether your needs can be met by a free service. Threat intelligence sharing also requires time, resources, and expertise. Do you have the internal resources necessary to act quickly on the information and alerts that are likely to come to you through the threat information sharing process? Even if you receive details on only five events a day, will you be able to follow up on each?
Which of the many threat sharing options available would best serve your organization’s needs? Do you want the industry-specific insights available through an ITGCSI? Does your security vendor offer a threat sharing option that might work for you?
Also consider whether you are currently taking advantage of informal, nontechnical threat sharing opportunities available through informal networking. If so, is that sufficient for now, or could it be ramped up or replaced by more formal threat sharing options?
When shopping for a doctor or a mechanic, it’s a good idea to ask your friends and neighbors whom they trust. Do the same with threat intelligence sharing: Let ITGCSI help you navigate this terrain. Ask trusted security professionals at peer organizations if they share their threat information and how pleased they are with the experience. Depending on your budget, resources, and needs, ask detailed questions about the types of threat sharing that interest you.
Whenever you share data about your organization, it goes without saying that you must ensure the data will be fully protected. Carefully vet threat intelligence sharing vendors on their security and privacy protections—and find out what happens if data gets out or some other problem arises. Will your organization be shielded from liability?
Find out if the threat sharing options that appeal to you allow for a trial period. Use that time to determine whether the information you’re receiving makes membership worthwhile, and whether your internal resources can keep pace with the new demands placed on them through the collaboration
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather. So ITGCSI advises you, don’t download apps that look suspicious or come from a site you don’t trust.
Cyber Threat Information Sharing
There is broad consensus that improved information sharing is critical to combating cyber threats.