Example of Threat Intelligence Policy

Uncategorized 4 Minutes

1.0 Purpose

The purpose of this policy is to set the requirements for proper facilitation and operation of the XXX threat intelligence program. The development of a threat intelligence program will support the continuous improvement of the overall network security, as well as offering the opportunity to engage in in-depth collection, analysis, and communication of IOCs while providing visibility into our immediate threat landscape to identify red flags before they turn into full-blown issues.

2.0 Scope

This Threat Intelligence Policy applies to all business processes and data, information systems and components, personnel, and physical areas of XXX.

3.0 Policy

The Threat Intelligence Program will adhere to the steps of Planning, Collection, Analysis, Communication, and Collaboration & Feedback.

3.1. Planning

  1. The Threat Intelligence Program will be established and governed with roles and responsibilities.
  2. The Threat Intelligence Team will combine the following responsibilities:
    • Malware analysis
    • Reverse-engineering
    • Forensics and eDiscovery
    • Management of threat intelligence
    • Intelligence gathering, analysis, and distribution of threat information
    • Threat assessment
    • Collaboration with all information security teams within the organization
  3. A threat collaboration environment will be established to safeguard different aspects of the organization, while filling intelligence gaps of other roles.
  4. The threat collaboration environment will be composed of teams including Threat Intelligence, Vulnerability Management, Incident Management, and Security.
  5. An analytical methodology will be decided upon and adhered to, ensuring the organization to proactively mitigate advanced threats.

3.2. Collection:

a. A threat intelligence strategy will be established and maintained on a regular basis, at least annually.
b. Internal and external sources will be used for intelligence gathering. Sources must be relevant, timely, and reliable. These feeds will be analyzed daily for the most up-to-date, relevant intelligence gathering.
c. Industry-recommended standards for formatting and exchange of threat data will be used during collection. The fewest standards capable of providing the functionality needed will be used, including STIXX, TAXII, and openIOC .

3.3. Intelligence Analysis:

a. A formalized process for analysis must be established, educated, and updated.
b. A Threat Escalation Protocol (TEP) will be established for critical intelligence escalation procedures.
c. The Diamond Model will be used for carrying out threat analysis based on hypothesis generation and testing.
d. Threat analysis software may be used, subject to organizational vendor risk assessments and procurement procedures.
e. A threat intel portal or central knowledge base will be established and utilized.
f. Runbooks will be established, distributed, and followed to handle specific security incidents.

3.4. Collaboration & Feedback:

a. Alerts, briefings, and reports generated and distributed to relevant stakeholders regularly [indicate frequency, e.g.: daily alerts, weekly briefings, monthly reports.
b. An intelligence feedback loop will be established to ensure accurate and consistent threat intelligence.

Threat Intelligence Project Charter

Business DriverConcerns/Motivations
Increased securityLimited visibility into the threat landscape means more solutions need to be put in place. Meet the operating needs of the organization in a secure manner:Safeguard data at rest, in transit, and in use across on-premise and hosted systems.Safeguard the confidentiality, integrity, and availability of the network, systems, and applications to the required levels by the business.There are no cookie-cutter solutions to threat intelligence– threat intelligence solutions offer other helpful security features to provide an all-cylinders-firing security tool.
In response to an incidentOrganization suffered an incident where the network was breached. In order to strengthen its network security, a threat intelligence program is a necessary initiative to address gaps in defenses. Move from a reactive response model to a predictive model to identify risks before potential impact and threats before potential attack.
ReplacementOur previous threat intelligence program was not sufficient in preventing today’s attacks and needs to be reevaluated.
Risk management concernsOur current threat intelligence program does not provide a formalized data collection, analysis, or collaboration process – all critical components to ensuring we maintain a risk management-focused environment.
Identify the business drivers that are behind your threat intelligence project.

Roles and Responsibilities

Individuals needed and responsible for threat intelligence may include the following:

  • Chief Information Security Officer
  • Senior management
  • Security team staff
  • Help desk
  • Information owner
  • Information systems staff
  • Building and/or facilities management staff

Other individuals that may be needed include representation from:

  • Public Affairs
  • Legal/Compliance department
  • Internal Audit/Risk Management
  • Other workforce members involved in the incident or needed to fix/resolve it
  • Contractors (as necessary)

Many of these roles will work together to form the threat collaboration environment. Organizations must look at the threat intelligence with a holistic mindset. Threat intelligence operates as a component of the larger threat collaboration environment and must be designed to complement existing security operations.

Project Team

RoleNameContact Information Involvement
Project Sponsor   Full-time (Core), Part-time Involved at a singular stage
Project Manager   
Information Sharing/Liaison Analyst   
Security Operations Team   
Incident Response Team   
Vulnerability Management Team   
Stakeholder/Vendor Management Analyst   
Subject Matter Experts   
Project Team

Financial Obligations for a Threat Intelligence Implementation

Total Budget$
Hardware 
Software Licensing 
Third-Party Software 
Application Licensing 
Documentation and Training 
Annual Maintenance Costs 
Etc. 
Breakdown of Costs

Project Costs

ExpenseApproved BudgetActual Cost
Staffing  
RFP Submission Costs  
Consulting Costs  

4.0 Policy Compliance

4.1 Compliance Measurement
The IT team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.
4.2 Exceptions
Any exception to the policy must be approved by the Infosec team in advance.
4.3 Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply