This document outlines a cyber threat intelligence (CTI) project for Strong Manufacturing Corp. It discusses CTI concepts like the intelligence lifecycle and team structure. It proposes a CTI team of 6 members and describes how the team would integrate with security operations, incident response, and external organizations. The document also covers threat modeling approaches like PASTA and proposes a 50/20/30 budgeting strategy to fund CTI training, partnerships, and tools.

1. CTI Project for Strong Manufacturing Corp
CYB 6040 Course
Wilmington University
Prof: Cody Dostal
Group members:
Stephane B Diakite, Irish Palmer, Jaime Rafael Daza Gonzalez
October 15, 2023

3. Common Cyberthreats

4. Cyber Threat Intelligence Overview
• Cyber Threat Intelligence (CTI) involves collecting, analyzing, and interpreting
information about cyber threats and vulnerabilities to inform decision-making
and enhance security measures.
• Cyber threat intelligence itself is not a solution, but it is a crucial security
architecture component. Because of evolving threats, security solutions are only
as effective as the intelligence powering them.
(Staff, n.d.)

5. Communication and Cyber
Intelligence Process
Strategic intelligence is a high-level overview of
the organization’s threat landscape in terms of
business trends. The company board of directors
and executive-level security professionals are the key
decision-makers in organizations.
Operational intelligence outlines the potential
threats including information on where an attack
may come from, and how likely the attack is to
happen.

6. Communication and Cyber
Intelligence Process
Tactical intelligence is designed to fight specific
threats when and where they occur. It collects in
real-time if an incident occurs and reports how your
security tools SIEM, firewall, EDR, etc. will act as
remediation.
The technical level helps the organization
understand its potential security threats, provide
faster incident responses, and reduce costs
associated with data breaches.

7. Platforms & Benefits Of CTI
Proactive Defense: acting in anticipation against
threats through cyber and cognitive domains’
Incident Response: identify the scope of events,
contain the damage, and eradicate the root of the incident.
Informed Decision Making: provide insights for
strategic security decisions.
Compliance: the conscious effort of an organization to
conform to specifications or laws (Enaohwo, 2022).

8. People, Process, and Technology in
CTI
Process: how do we plan on getting there?
Technology: the tools that people use to put the process
into action.
People: workforce at the company’s disposal
“Technology is implemented by people using specific
processes” (Snedaker & Rima, 2014).

9. People, Process and Technologies Cont’
Technology
IT Personnel
CTI team
CISOs & Executives
Seniors' leaderships
Industry reports and
advisories
Government alert
3rd party involvement
Laws and Regulations
Open-Source intel (OSINT)
Closed-Source intel (CSINT)
Technical intel (TECHINT)
Human intel (HUMINT)
Analytical Frameworks
Continuous improvement

10. CTI Gathering and
Contextualization

11. Cyber Threat Intelligence Lifecycle
Planning: Set requirements, goals, and methods
for intelligence gathering to answer a specific
question.
Collection – The process of gathering information
from sources.
Processing – Organizing information gathered in
the Collection phase.

12. Cyber Threat Intelligence Lifecycle
Analysis – Examining information to place
relevance, priority, and potential actional items
Dissemination – Delivering information to the
teams that can best utilize it.
Feedback – Asking did the information gathered
answers the question, helps or enhances a team’s
objective. What information does the team still
need?

13. CTI Team Structure
It consists of 6 individuals as shown below
CTI Manager (1): Oversees operations, and strategy, and liaises with upper
management.
Senior CTI Analysts (2): Experienced analysts for in-depth analysis and strategy
formulation.
CTI Analysts (2): Junior analysts for daily threat monitoring and initial analysis.
Interns (1): Supporting analysts, conducting research, and assisting in report
creation.

14. CTI Team Placement
There are 3 steps to aligning CTI, SOC, and IR for action
CTI-IR-SOC communication protocol Aligning with MITRE ATT&CK framework
A performance boost for SOC and IR with knowledge packs.
Aligning with Log4 Suspicious indicator

15. Integration with Company
Operations
The interplay between CTI, SOC, and IR involves:
• A CTI Sharing: exchanging information and knowledge to address cyber
threats.
• Unified Reporting: a collaborative security measure through reporting
mechanisms
• Collaborative Analysis: providing insights from cooperation and
collaboration

16. External Organizations
• ISACs: Information Sharing and Analysis Center
• ND-ISACs: They represent the ISAC for the Defense Industrial Base
• 3rd party firms: Intervene when dealing with complex CTI issues
• FBI

17. Threat Modelling
• Threat modeling prioritizes threats, mitigation efforts, and budgeting.
• Threat modeling improves an organization’s security posture.
• Threat modeling identifies and eliminates a single point of failure (Mallory,
2020).

18. PASTA Threat Modeling
Process of Attack Simulation and Threat Analysis
(PASTA) was created in 2015 by the consulting firm
VerSprite.
PASTA threat modeling is the combination of an
attacker standpoint of a business with risk and
impact analysis to form a complete picture of the
threats to products and applications, their
vulnerability to attack, and informed decisions about
risk and priorities for fixes (Staff C., 2022).

19. Seven stages of the PASTA threat
modeling framework
• Stage 1: Define your business objectives.
Concentrate and comprehend all applications or products on
what is essential to your business. Business objectives are in
check internally and externally. Partners, clients, or regulatory
frameworks to protect assets and customers to avoid reputation
risks.
• Stage 2: Define the technical scope of assets and
components.
Understand the attack surface and develop a protection
concept. Identify each business element to configure any
discrepancy. Be as comprehensive as possible to avoid
damaging the application and allow a threat to be discovered.
(Staff C., 2022)

20. Seven stages of the PASTA threat
modeling framework
• Stage 3: Application factoring and identifying
application controls.
Map and understand the relationships between components.
Identify users and their permissions, assets, data, services,
hardware, and software to avoid exploitation and become
targets for attack.
Stage 4: Threat analysis based on threat intelligence.
Research and find the credible threats that affect your industry and
products, build a threat library and application logs to understand the
behavior of attacks, and ensure the existing protections have been
mitigated.

21. Seven stages of the PASTA threat
modeling framework
Stage 5: Vulnerability detection
The map which weaknesses will break under threats. Identify the
attack surface and look for vulnerabilities, design flaws, and
weaknesses in the system configuration or architecture.
(Staff C., 2022)
Stage 6: Analyze and model attacks
This stage is the attacker stage. The aim is to emulate the attacks
that could exploit any identified weaknesses or vulnerabilities. The
PASTA threat modeling methodology suggests building attack trees,
which map threats, attacks, and vulnerabilities, to create a blueprint of
exploited applications.

22. Seven stages of the PASTA threat
modeling framework
Stage 7: Risk/ impact analysis and development of
countermeasures
At this stage organizations must create countermeasures
appropriate to the business, product, and the actual threats
you face.
(Staff C., 2022)

23. Budgeting Strategies
• To respond efficiently to Strong Manufacturing’s needs and
infrastructures while maintaining a formal CTI plan; careful
consideration was given to the funds allocated to training,
partnership, and tool selection. The overall budgeting adopted is
the 50/20/30 budget system. This system will encompass 1M for
the year and 800k annually thereafter.

24. References
Mallory, P. (2020, December 2). 6 benefits of cyber threat modeling.
https://resources.infosecinstitute.com/topics/management-compliance-auditing/6-benefits-of-cyber-threat-modeling
Enaohwo, O, M. (2022, April 4). The Definitive Guide to Regulatory Compliance. https://www.sweetprocess.com/regulatory-compliance.
International Conference on Information Modelling and Knowledge Bases (29th: 2019: Lappeenranta, Finland). (2020). Information modeling and
knowledge bases xxxi. (A. Dahanayake, Ed.) (Ser. Frontiers in artificial intelligence and applications, volume 321). IOS Press. Retrieved October 8, 2023,
8, 2023, from INSERT-MISSING-URL.
Cisco staffs. (2023, September 12). Security and privacy laws, regulations and compliances: The complete guide.
https://www.csoonline.com//article/570281/csos-ultimate-guide-to-security-and-privacy-laws-regulations-and-compliance.html
Wickramasinghe, S. (2022, December 19). CTI: The Cyber Threat Intelligence Guide. Retrieved from Splunk:
https://www.splunk.com/en_us/blog/learn/cyber-threat-intelligence-cti.html