
Setting Your CTI Process In Motion


  1. ENISA CTI-EU Conference 2022. Andreas Sfakianakis, CTI Professional
  2. About the speaker
     - CTI in Financial, Energy, and Technology sectors
     - ENISA, FIRST.org, SANS, European Commission
     - Twitter: @asfakian, Mastodon: @asfakian@infosec.exchange
     - Websites: www.threatintel.eu, www.sandgroup.eu
     - tilting at windmills
  3. Agenda
     - Setting the scene
     - Workflow & Case Management
     - Basic Ingredients
  4. Problem Statement(s)
  5. Image from gatewaytotheclassics.com
  6. Image from bestofspain.es
  7. Workflow & Case Management
     - Workflow, Coordination & Collaboration
     - Knowledge Management
     - Metrics
  8. Knowledge Management
     - Tagging
     - Custom Fields
     - Easy searching and filtering
     - Rate your sources
     - Control access
  9. Metrics
     - Management
       - Time spent per PIR
       - CTI assessments per threat type/threat actor
       - CTI assessments (or time spent) supporting IR
       - Quantitative feedback received per PIR
       - Time spent on RFIs per stakeholder
     - Team
       - Sources mostly used
       - CTI deliverables per PIR
       - CTI deliverables per stakeholder
       - Average time spent per CTI deliverable
       - CTI analysts' workload
       - Time spent on CTI projects
  10. Image from heritage-history.com
  11. Some TIPs
     - Recommendation is to live off the land (at least at the start of your journey)
  12. Remember
     - Data into buckets
     - Consistency is key
     - Spend time to save time
  13. Basic Ingredients
     - Request For Information (RFI)
     - Feedback Mechanism
  14. Image from elladocomicodedonquijote.wordpress.com
  15. Summary
     - A common shortcoming of CTI teams
     - The importance of workflow and case management
     - The basic ingredients
  16. CTI Process: Planning, Collection, Processing, Analysis, Dissemination, Feedback
  17. Andreas Sfakianakis, @asfakian, threatintel.eu / sandgroup.eu. Sharing is caring
