During my pursuit of the CySA+ (CompTIA Cybersecurity Analyst) certification, I gained insights into the pivotal role played by the Security Intelligence Cycle.
1. Requirements (Planning & Direction)
The initial phase sets the stage by defining the goals for intelligence gathering. It outlines what needs to be collected, the resources (time and money) to allocate, and the legal restrictions that govern how the data may be collected.
2. Collection (& Processing)
This phase gathers raw data from the in-scope sources (logs, sensors, threat feeds) and processes it into a normalized form ready for analysis; a SIEM is the typical tool that collects and stores it. Protecting this data is imperative: hashing gives tamper evidence for stored records (an altered log entry no longer matches its digest), and encryption protects the confidentiality of sensitive information held in the SIEM.
3. Analysis
Armed with collected data, analysis commences against predefined use cases from the planning phase. Modern analysis techniques, including artificial intelligence and machine learning, help discern between good, bad, and unknown entities within the data.
4. Dissemination
The dissemination phase refers to publishing information produced by analysis to consumers who need to act on the insights developed.
Three levels—strategic, operational, and tactical—determine the relevance and urgency of the information. Strategic intelligence looks at long-term impacts, operational intelligence aids day-to-day decisions, and tactical intelligence guides real-time responses to alerts.
5. Feedback
This phase is a reflective journey aiming to enhance the entire intelligence cycle. It seeks to refine requirements, improve data collection and analysis, and streamline information dissemination. Reviewing lessons learned, measuring success, and keeping pace with evolving threats drive continuous improvement.
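The five phases above, run end to end as an added example (not code from the original notes): requirements fix the in-scope source and the indicator lists, collection keeps only matching records and hash-chains them with SHA-256 as the tamper-evidence technique the collection phase refers to, analysis labels each record good, bad or unknown, dissemination splits the output into tactical alerts and an operational tally, and feedback returns the unclassified addresses for the next requirements review. The log lines, the allowlist and the blocklist are all constructed for the example, and every function name is the example's own.

```python
"""Toy security-intelligence cycle over constructed auth-log lines (added example)."""
from __future__ import annotations

import hashlib
import re
from collections import Counter
from dataclasses import dataclass

# 1. Requirements: in-scope sources and the indicators that matter. Both indicator
#    sets are hypothetical, standing in for a threat feed and an asset inventory.
REQUIREMENTS = {
    "sources": {"auth"},
    "known_bad": {"203.0.113.7"},
    "known_good": {"192.0.2.10", "10.0.0.5"},
}

# Constructed sample records (RFC 5737 documentation addresses), not real logs.
RAW_LOGS = [
    "auth 2024-05-01T10:00:01Z sshd: Accepted password for alice from 192.0.2.10",
    "auth 2024-05-01T10:00:07Z sshd: Failed password for root from 203.0.113.7",
    "auth 2024-05-01T10:00:09Z sshd: Failed password for root from 203.0.113.7",
    "auth 2024-05-01T10:00:15Z sshd: Failed password for admin from 198.51.100.23",
    "web  2024-05-01T10:00:20Z nginx: GET /index.html from 198.51.100.40",
]

LINE_RE = re.compile(
    r"^(?P<src>\S+)\s+(?P<ts>\S+)\s+(?P<proc>[^:]+): (?P<msg>.*) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)
GENESIS = "0" * 64


@dataclass
class Record:
    source: str
    ts: str
    msg: str
    ip: str
    raw: str
    digest: str  # SHA-256 over (previous digest + raw line): a tamper-evident chain


def collect_and_process(lines: list[str], requirements: dict) -> list[Record]:
    """2. Collection & processing: keep in-scope lines, normalize them, hash-chain them."""
    records: list[Record] = []
    prev = GENESIS
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["src"] not in requirements["sources"]:
            continue  # out of scope per the requirements, or not parseable
        prev = hashlib.sha256((prev + line).encode()).hexdigest()
        records.append(Record(m["src"], m["ts"], m["msg"], m["ip"], line, prev))
    return records


def verify_chain(records: list[Record]) -> bool:
    """Recompute the chain; an edited or dropped record breaks every later digest."""
    prev = GENESIS
    for r in records:
        prev = hashlib.sha256((prev + r.raw).encode()).hexdigest()
        if prev != r.digest:
            return False
    return True


def label(ip: str, requirements: dict) -> str:
    # Blocklist wins over allowlist: an allowlisted host that shows up on a feed still alerts.
    if ip in requirements["known_bad"]:
        return "bad"
    return "good" if ip in requirements["known_good"] else "unknown"


def analyze(records: list[Record], requirements: dict) -> list[tuple[Record, str]]:
    """3. Analysis: label each record good, bad or unknown against the requirements."""
    return [(r, label(r.ip, requirements)) for r in records]


def disseminate(verdicts):
    """4. Dissemination: tactical alerts for the on-shift analyst, an operational tally for the lead."""
    tactical = [f"ALERT {r.ts} {r.ip} known-bad: {r.msg}" for r, v in verdicts if v == "bad"]
    return tactical, dict(Counter(v for _, v in verdicts))


def feedback(verdicts) -> list[str]:
    """5. Feedback: unclassified IPs go back to requirements for enrichment or allowlisting."""
    return sorted({r.ip for r, v in verdicts if v == "unknown"})


def run_cycle(lines=RAW_LOGS, requirements=REQUIREMENTS) -> dict:
    records = collect_and_process(lines, requirements)
    verdicts = analyze(records, requirements)
    tactical, operational = disseminate(verdicts)
    return {"records": records, "chain_ok": verify_chain(records),
            "tactical": tactical, "operational": operational, "feedback": feedback(verdicts)}


if __name__ == "__main__":
    out = run_cycle()
    print("\n".join(out["tactical"]))
    print("operational:", out["operational"], "chain_ok:", out["chain_ok"])
    print("unknown IPs for the next requirements review:", out["feedback"])
```

Two design points worth noting: the blocklist is checked before the allowlist, so a trusted host that appears on a threat feed still produces a tactical alert rather than being silently accepted; and the hash chain covers the raw line, so editing any stored record (or deleting one) makes `verify_chain` fail for that record and all later ones, which is the integrity property the collection phase relies on.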
Factors that determine the value of an intelligence source
● Timeliness
● Relevancy
● Accuracy
● An evaluation of the source's reliability
● Risk Management
Identifies, evaluates, and prioritizes threats and vulnerabilities to reduce their negative impact
● Incident Response
An organized approach to addressing and managing the aftermath of a security breach or cyberattack
● Vulnerability Management
The practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities
● Detection and Monitoring
The practice of observing activity to identify anomalous patterns for further analysis
Akash Patel