What is Cyber ​​Threat Intelligence?

Cyber ​​Threat Intelligence can be summarized as collecting and analyzing data about threats that may turn into attacks, from various media and sources, and making necessary communication of the obtained threat information before the attacks occur.

Cyber ​​Threat Intelligence Inputs

Cyber ​​Threat Intelligence should be fed from as many sources as possible, the more sources analyzed, the more likely it is to identify potential threats. Cyber ​​Threat Intelligence can be fed from the following sources:

• Intelligence Platforms
• Log Files
• Incident Response Reports
• Firewall Logs
• DNS Logs
• Security Controls
• Bloglar
• Black Lists
• Social Media

Cyber ​​Threat Intelligence Outputs

The data obtained as a result of Cyber ​​Threat Intelligence is analyzed by the analysts and transformed into information that will add value to the corporate cyber security. The information available is listed below:

• Hijacked user account information
• Sources spreading detected malware
• Individual user IPs in danger
• Phishing IPs and domains
• Credit card information seized or sold by cyber crooks
• Hijacked device information
• Botnet command and control (C2) addresses and domains
• Information that may affect the corporate brand or image

 

The Importance of Cyber ​​Threat Intelligence for ISO 27001

Information security requirements; policies and regulations should be defined using a variety of methods such as case studies, Risk Analysis and threat modeling. In addition, information security requirements should be updated regularly to counter new potential threats. Cyber ​​Threat Intelligence enables the determination of requirements and the updating of existing requirements effectively.

Cyber ​​Threat Intelligence is closely related to the following ISO 27001 Annex-A controls;

• 6.2.2 remote work
• 8.1.3 acceptable use of assets
• 9.1.2 Access to networks and network services
• 9.2.4 Management of confidential authentication information of users
• 9.3.1 Use of confidential authentication information
• 9.4.5 Access control to program source code
• 12.2.1 Checks against malware
• 12.4.1 Event recording
• 12.5.1 Software installation on operational systems
• 12.6.1 Management of technical gaps
• 13.1.1 Network controls
• 13.1.2 Security of network services
• 13.2.3 Electronic messaging
• 14.1.1 Information security requirements analysis and specification
• 14.1.2 Securing application services on public networks
• 14.1.3 Protection of application service processes
• 14.2.3 Technical review of applications after operating platform changes
• 14.2.4 Restrictions on changes to software packages
• 14.2.5 Safe systems engineering principles
• 14.2.8 System security testing
• 16.1.3 Reporting of information security vulnerabilities
• 16.1.4 Evaluation and decision making in information security incidents
• 16.1.5 Responding to information security breach incidents
• 16.1.6 Lessons learned from information security breach incidents
• 16.1.7 Evidence collection
• 18.1.2 Intellectual property rights
• 18.1.4 Confidentiality and protection of personally identifiable information
• 18.2.3 Technical compliance review

Contribution of Cyber ​​Threat Intelligence to Institutions

Cyber ​​threat intelligence plays an important role in helping organizations develop a proactive cybersecurity stance and support overall risk management policies.
Cyber ​​threat intelligence prevents data loss by reducing data leakage and provides organizations with viable strategy and tactical options.
Cyber ​​threat intelligence applications help prevent the exploitation of enterprise resources by detecting open sources of exploitation, while reducing the potential effects of threats.

---