Managing Risk and Information Security by Malcolm W. Harkins

Author: Malcolm W. Harkins
Language: eng
Format: epub, pdf
Publisher: Apress, Berkeley, CA


Structured Methods for Identifying Threat Trends

To identify the real trends in emerging threats among the mass of news and speculation, we need to carefully examine the available information using a structured, analytical approach. Unfortunately, many security groups absorb information about emerging threats using methods that are unstructured and sometimes almost haphazard.

A typical process looks something like this. The security team relies on external sources, such as news feeds and alerts, as well as informal anecdotes, to gather information about emerging threats. Based on this information, the team holds brainstorming sessions to review the threat landscape. The output from these sessions is a list of “top risks.” Security resources are then focused on mitigating the items on the list.

There are several problems with this approach. Information comes from a narrow, limited range of sources, resulting in a blinkered security perspective that tends to stifle creative thinking. Also, the information is usually fragmented, making it difficult for the team to identify trends and gaps in the data. These deficiencies continue through security planning and implementation. Because the team lacks a full view of the threat landscape, it’s hard to determine which threats require immediate attention and how much of the limited security budget they deserve. As a result, risks are incorporated into plans on an ad hoc basis, and not all risks are adequately mitigated. Finally, security teams often don’t have a structured process for communicating threat information to other people within their organizations. Because of this, people outside the security group remain unaware of emerging risks and don’t know how to respond when they experience an attack.

I realized the limitations of this approach several years ago, and began trying to inject more rigor into the risk-sensing strategy. Over time, those efforts progressively developed into a more structured risk-sensing process that helps identify threats, prioritize them, plan responses, and deliver actionable information to those who may need it. Through continued use, risk sensing can become a systemic process within any organization.

The process for analyzing emerging threats includes several valuable techniques that may be unfamiliar to some security groups. I have used a product life cycle analogy to track threats as they mature from theoretical risks into full-blown exploits. I have also used nontraditional analysis techniques, such as war games and threat agent profiles, to encourage creative thinking and identify threats that might otherwise be missed. I’ll discuss these methods in more detail later in this chapter.

The process can be managed by a small core team, supplemented by a broad set of experts (including people outside the security group) across an organization. This arrangement ensures continuity while enabling the team to mine a diverse variety of sources to get a more complete picture of immediate and future threats.

Security team members should research a wide range of security topics in depth. This diversity of perspective and discussion essentially creates a crowd-sourcing of intelligence and reduces the influence of any single person’s bias. Team members use typical sources, such as external feeds and analysis;


