Introduces "Hui's Hierarchy of CTIs", a reference model for classifying cyber threat intelligence (CTI), and a 5W1H model for CTI contexts, and illustrates through examples which CTIs incident response (IR) and technology risk management (TRM) will find useful.
Cyber Threat Intelligence: What do we Want? The Incident Response and Technology Risk Management Perspectives
1. Cyber Threat Intelligence: What do we Want? The Incident Response and Technology Risk Management Perspectives
September 2nd 2016 @ SecureHongKong
Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, GSEC, CISA, CISM, CRISC
Security Ronin
Hong Kong
A helicopter was flying around above Seattle when an electrical malfunction disabled all of the aircraft's electronic navigation and communications equipment. Due to the clouds and haze, the pilot could not determine the helicopter's position and course to fly to the airport. The pilot saw a tall building, flew toward it, circled, drew a handwritten sign, and held it in the helicopter's window. The pilot's sign said "WHERE AM I?" in large letters. People in the tall building quickly responded to the aircraft, drew a large sign and held it in a building window. Their sign read: "YOU ARE IN A HELICOPTER." The pilot smiled, waved, looked at her map, determined the course to steer to SEATAC airport, and landed safely. After they were on the ground, the co-pilot asked the pilot how the "YOU ARE IN A HELICOPTER" sign helped determine their position. The pilot responded "I knew that had to be the Microsoft building because, like their technical support, online help and product documentation, the response they gave me was technically correct, but completely useless."