Evaluate cyber threat intelligence.


CONTROL ID: 12747
CONTROL TYPE: Process or Activity
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain cyber threat intelligence tools., CC ID: 12696

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • AIs should closely monitor trends and developments in emerging fraudulent techniques related to the use of e-banking channels, and regularly enhance or adjust their fraud monitoring systems and remediation process whenever there is a need. During the process, AIs should take into account any fraud i… (§ 8.1.2, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, V.3)
  • Financial entities shall have in place capabilities and staff to gather information on vulnerabilities and cyber threats, ICT-related incidents, in particular cyber-attacks, and analyse the impact they are likely to have on their digital operational resilience. (Art. 13.1., Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • Information security is a complex issue, so the persons responsible for it must familiarise themselves with it very carefully. There are many sources of information available that can be used in this regard. These include, among other things, existing standards, Internet publications, and other publ… (§ 4.2 Bullet 6 ¶ 1, BSI Standard 200-1, Information Security Management Systems (ISMS), Version 1.0)
  • Information relating to information security threats should be collected and analysed to produce threat intelligence. (§ 5.7 Control, ISO/IEC 27002:2022, Information security, cybersecurity and privacy protection — Information security controls, Third Edition)
  • The organization considers threat intelligence received from the organization's participants, service and utility providers and other industry organizations. (ID.RA-5.2, CRI Profile, v1.2)
  • The organization considers threat intelligence received from the organization's participants, service and utility providers and other industry organizations. (ID.RA-5.2, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • A threat intelligence program helps an organization generate their own threat intelligence information and track trends to inform defensive priorities to mitigate risk. (M1019 Threat Intelligence Program, MITRE ATT&CK®, Enterprise Mitigations, Version 13.1)
  • Principle: Firms should use cyber threat intelligence to improve their ability to identify, detect and respond to cybersecurity threats. Effective practices include: - assigning responsibility for cybersecurity intelligence gathering and analysis at the organizational and individual levels; - establ… (Cyber Intelligence and Information Sharing, Report on Cybersecurity Practices)
  • Boundary Cyberspace Defense (BCD) Actions monitor and defend the connections to/from CSPs via an authorized BCAP. BCD Actions guard against the risk that each CSP interconnection poses to the DoDIN individually, along with cross-CSP analysis for all connections flowing through an individual BCAP. Wh… (Section 6.2.1 ¶ 1, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
  • Determine whether management considers threat intelligence in risk identification efforts. (App A Objective 5:2d, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • Accurately characterize targets. (T0561, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Assess all-source intelligence and recommend targets to support cyber operation objectives. (T0576, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Identify and conduct analysis of target communications to identify information essential to support operations. (T0607, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access. (T0614, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Coordinate with the intelligence planning team to assess capability to satisfy assigned intelligence tasks. (T0637, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Conduct and document an assessment of the collection results using established procedures. (T0675, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Examine intercept-related metadata and content with an understanding of targeting significance. (T0695, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Identify all available partner intelligence capabilities and limitations supporting cyber operations. (T0709, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Evaluate extent to which collected information and/or produced intelligence satisfy information requests. (T0689, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Evaluate intelligence estimates to support the planning cycle. (T0690, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Conduct target research and analysis. (T0624, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Identify collection gaps and potential collection strategies against targets. (T0715, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Identify intelligence gaps and shortfalls. (T0718, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Identify cyber intelligence gaps and shortfalls for cyber operational planning. (T0719, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Produce target system analysis products. (T0776, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Review appropriate information sources to determine validity and relevance of information gathered. (T0802, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Assess, document, and apply a target's motivation and/or frame of reference to facilitate analysis, targeting and collection opportunities. (T0839, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Assess target vulnerabilities and/or operational capabilities to determine course of action. (T0579, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Work closely with planners, analysts, and collection managers to identify intelligence gaps and ensure intelligence requirements are accurate and up-to-date. (T0835, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture. (T0753, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Cyber resiliency analysis assumes an architectural, operational, and threat context for the system being analyzed. These contextual assumptions provide the starting point for a detailed analysis of how an adversary could affect the system and thereby cause harm to the mission or business functions i… (3.2.3.2 ¶ 1, NIST SP 800-160, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach, Volume 2, Revision 1)
  • Conduct and document an assessment of the collection results using established procedures. (T0675, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Evaluate extent to which collected information and/or produced intelligence satisfy information requests. (T0689, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Evaluate intelligence estimates to support the planning cycle. (T0690, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Examine intercept-related metadata and content with an understanding of targeting significance. (T0695, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Review appropriate information sources to determine validity and relevance of information gathered. (T0802, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Assess, document, and apply a target's motivation and/or frame of reference to facilitate analysis, targeting and collection opportunities. (T0839, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Work closely with planners, analysts, and collection managers to identify intelligence gaps and ensure intelligence requirements are accurate and up-to-date. (T0835, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Produce target system analysis products. (T0776, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Identify all available partner intelligence capabilities and limitations supporting cyber operations. (T0709, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Assess target vulnerabilities and/or operational capabilities to determine course of action. (T0579, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access. (T0614, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Assess all-source intelligence and recommend targets to support cyber operation objectives. (T0576, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture. (T0753, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Cyber threat intelligence and other contextual information are integrated into the analysis (DE.AE-07, Framework for Improving Critical Infrastructure Cybersecurity, v2.0)