This week at the 2018 RSA Conference, the Cloud Security Alliance released a new framework for Building a Foundation for Successful Cyber Threat Intelligence.
Sophisticated organizations, particularly cloud providers, know that the difference between a minor incident and massive breach lies in their ability to quickly detect, contain, and mitigate an attack.
This framework will help corporations seeking to participate in cyber intelligence exchange programs to enrich their event data and improve their incident response speed and capabilities.
The paper is divided into three main sections.
1. Finding Your Fit - Evaluating Sharing Programs
How to find sharing partners and exchange platforms that best meet your needs.
2. Before You Join - Building a Foundation for Success
Identify the capabilities and business requirements that form the foundation of a cyber intelligence exchange program.
3. Getting Started - A Framework for Threat Intelligence Exchange
Understand the basics of the exchange process so they can efficiently share the event they see and more efficiently operationalize any intelligence they collect.
While this paper specifically looks at CSA’s threat intelligence exchange, the framework behind it relevant to any organization seeking to participate in a cyber threat intelligence exchange program, such ISACs/ISAOs like R-CISC and IT-ISAC.