Information Security Forum Launches - Threat Intelligence Report

The Information Security Forum (ISF), the world's leading, independent authority on cyber security and information risk management, recently released Threat Intelligence: React and Prepare, the organisation's latest report which equips organisations to gain value from threat intelligence by implementing the ISF Approach for Managing a Threat Intelligence Capability. 

Since its inception, threat intelligence has been growing in prominence. 

Most organisations have considered building a threat intelligence capability, however, many question the potential value. The answer lies in understanding how threat intelligence is produced and its content.

"While organisations continue to rely on well-established security practices, many are seeking additional ways to keep pace with the increasing torrent of attacks," said Steve Durbin, Managing Director, ISF. "To efficiently manage cyber risks, organisations must build an accurate view of the threats they face, their capabilities, intentions and actions, and respond accordingly. 

“Many organisations are looking to threat intelligence for this view of their adversaries, but often find it to be ill-defined, costly to buy or produce, and difficult to integrate into decision making. This leads to a failure to deliver the expected business aims."

Threat intelligence is information about past, present and predicted attacks against an organisation from adversarial threats and is produced through analysis of available information. 

This insight supports information security professionals to make better decisions when managing cyber risk and enables actions that prepare the organization to not only react to today's threats, but also prepare for the future. In today's climate of insecurity, threat intelligence is fast becoming a crucial tool which delivers advantage over adversaries and competitors.

However, ISF research has found that threat intelligence is failing to deliver on its promise. While 82% of ISF Members surveyed have a threat intelligence capability, with the remaining 18% planning to implement one in the next twelve months, only 25% of those surveyed believe their capability is fully delivering the expected business objectives. 

Threat Intelligence: React and Prepare addresses the five common problems that cause this failure and explains how to build and manage a threat intelligence capability which delivers palpable value. Only once these actions have been taken will threat intelligence deliver on its promised value, supporting those business goals which so often remain unfulfilled.

"While threat intelligence seldom leads to control over adversaries, it enables the organisation to make more informed decisions in the areas it does control, the vulnerabilities and associated business impact," continued Durbin. "To ensure threat intelligence delivers value, we recommend that organisations use the ISF Approach for Managing a Threat Intelligence Capability, which provides the ISF definition for threat intelligence, reinforced by three key concepts: the production, content and use of threat intelligence. 

“The ISF Approach for Managing a Threat Intelligence Capability uses the intelligence cycle to produce threat intelligence which meets the requirements to inform decisions and enable actions. It also addresses a number of practical considerations which affect the management of a threat intelligence capability." 

Organisations must prepare themselves for unprecedented levels of collaboration to counter threats. Innovations such as machine learning, big data and predictive analytics are already being explored by leading organisations to transform threat intelligence capabilities. 

The ISF Approach for Managing a Threat Intelligence Capability explains the concepts of effective threat intelligence and how they can be achieved using the intelligence cycle. Requirements-driven and skillfully produced through analysis, threat intelligence harnesses the expertise and experience of others to provide insight into past, present and predicted attacks against an organisation. 

Threat Intelligence: React and Prepare is aimed at senior business executives, up to and including board level, who are considering, planning, building or operating a threat intelligence capability. 

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organisations from around the world. The organisation is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions.

By working together, ISF Members avoid the major expenditure required to reach the same goals on their own. Consultancy services are available and provide ISF Members and Non-Members with the opportunity to purchase short-term, professional support activities to supplement the implementation of ISF products.

PR Log:

You Might Also Read:

Getting Threat Intelligence Right:

How To Integrate Threat Intelligence:

Threat Intelligence Starter Resources:

 

« UK Fraud Hotspots Revealed
IoT Will Change (Almost) Everything In Cybersecurity »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MetaCompliance

MetaCompliance

MetaCompliance is a cyber security and compliance organisation that helps transform your company culture and safeguard your data and values.

Global Forum on Cyber Expertise (GFCE)

Global Forum on Cyber Expertise (GFCE)

GFCE is a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

Global Security Network (GSN)

Global Security Network (GSN)

GSN focuses on specialized IT Security solutions & services for the military, law enforcement, critical infrastructure and oil & gas sectors in the Middle East.

Emirates International Accreditation Center (EIAC)

Emirates International Accreditation Center (EIAC)

EIACI is the national accreditation body for the United Arab Emirates. The directory of members provides details of organisations offering certification services for ISO 27001.

Aergo

Aergo

Aergo offers an easier and more proven way to adopt blockchain and transform your business while building on your existing IT and cloud assets.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

Trail of Bits

Trail of Bits

Trail of Bits combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

PKF Infuse

PKF Infuse

PKF Infuse provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

Zilla Security

Zilla Security

Zilla combines identity governance with cloud security to deliver comprehensive access visibility, reviews, lifecycle management, and policy-based security remediation.

Boecore

Boecore

Boecore is an aerospace and defense engineering company that specializes in software solutions, systems engineering, cybersecurity, enterprise networks, and mission operations.

Astran

Astran

At Astran, we revolutionize data security by introducing a groundbreaking solution for data confidentiality headaches.

Advania UK

Advania UK

Advania are one of Microsoft’s leading partners in the UK, specialising in Azure, Security, Dynamics 365 and Microsoft 365.

Yondu

Yondu

Yondu empowers businesses across various industries through a wide array of innovative technology solutions to help them scale in the new digital economy.

Algoritha

Algoritha

Algoritha is a pioneering entity in the realm of security and forensic services.