One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 4593755 |
| Date de publication | 2022-05-11 09:25:05 (vue: 2022-05-13 21:47:26) |
| Titre | Threat intelligence policy (Recyclage) |
| Texte |  I finally found the time today to complete and publish an information security policy template on threat intelligence. The policy supports the new control in ISO/IEC 27002:2022 clause 5.7: "Information relating to information security threats should be collected and analysed to produce threat intelligence."The SecAware policy template goes a little further: rather than merely collecting and analysing threat intelligence, the organisation should ideally respond to threats - for example, avoiding or mitigating them. That, in turn, emphasises the value of 'actionable intelligence', in the same way that 'actionable security metrics' are worth more than 'coffee table'/'nice to know' metrics that are of no practical use. The point is that information quality is more important that its volume. This is an information integrity issue, as much as information availability.The policy also mentions 'current and emerging threats'. This is a very tricky area because novel threats are generally obscure and often deliberately concealed in order to catch out the unwary. Maintaining vigilance for the early signs of new threat actors and attack methods is something that distinguishes competent, switched-on security analysts from, say, journalists.The policy template costs just $20 from www.SecAware.com. I'll be slaving away on other new policies this week, plugging a few remaining gaps in our policy suite - and I'll probably blog about that in due course. |
| Envoyé | Oui |
| Condensat | $20 i the 27002:2022 7: about actionable actors also analysed analysing analysts are area attack availability avoiding away because blog catch clause coffee collected collecting com competent complete concealed control costs course current deliberately distinguishes due early emerging emphasises example finally found from further: gaps generally goes ideally important information integrity intelligence iso/iec issue its journalists just know little maintaining mentions merely methods metrics mitigating more much new nice novel obscure often order organisation other out plugging point policies policy practical probably produce publish quality rather relating remaining respond same say secaware security should signs slaving something suite supports switched table template than them threat threats time today tricky turn unwary use value very vigilance volume way week worth www |
| Tags | Threat |
| Stories | |
| Notes | |
| Move | 
|
Les reprises de l'article (1):
| Source | NoticeBored |
|---|---|
| Identifiant | 4571129 |
| Date de publication | 2022-05-10 16:37:36 (vue: 2022-05-10 05:05:29) |
| Titre | Threat intelligence policy |
| Texte | I finally found the time today to complete and publish an information security policy template on threat intelligence. The policy supports the new control in ISO/IEC 27002:2022 clause 5.7: "Information relating to information security threats should be collected and analysed to produce threat intelligence."The SecAware policy goes a little further: rather than merely collecting and analysing threat intelligence, the organisation should ideally respond to threats - for example, avoiding or mitigating them. That, in turn, emphasises the value of 'actionable intelligence', in the same way that 'actionable security metrics' are worth more than 'coffee table'/'nice to know' metrics that are of no practical use. The point is that information quality is more important that its volume. This is an information integrity issue, as much as information availability.The policy also mentions 'current and emerging threats'. This is a very tricky area because novel threats are generally obscure and often deliberately concealed in order to catch out the unwary. Maintaining vigilance for the early signs of new threat actors and attack methods is something that distinguishes competent, switched-on security analysts from, say, journalists.The policy template costs just $20 from www.SecAware.com. I'll be slaving away on other new policies this week, plugging a few remaining gaps in our policy suite - and I'll probably blog about that in due course. |
| Envoyé | Oui |
| Condensat | $20 i the 27002:2022 7: about actionable actors also analysed analysing analysts are area attack availability avoiding away because blog catch clause coffee collected collecting com competent complete concealed control costs course current deliberately distinguishes due early emerging emphasises example finally found from further: gaps generally goes ideally important information integrity intelligence iso/iec issue its journalists just know little maintaining mentions merely methods metrics mitigating more much new nice novel obscure often order organisation other out plugging point policies policy practical probably produce publish quality rather relating remaining respond same say secaware security should signs slaving something suite supports switched table template than them threat threats time today tricky turn unwary use value very vigilance volume way week worth www |
| Tags | Threat |
| Stories | |
| Notes | ★★★ |
| Move |
|
L'article ne semble pas avoir été repris sur un précédent.