Setting Your CTI Process In Motion - ENISA CTI-EU 2022
3 likes1,683 views
The document presents insights from the ENISA CTI-EU Conference 2022, focusing on cyber threat intelligence (CTI) in finance, energy, and technology sectors. It emphasizes the importance of workflow, case management, and effective metrics for CTI processes, detailing challenges and recommendations for improvement. Key topics include knowledge management, source control, and the significance of data organization and consistency.
Setting Your CTI Process In Motion - ENISA CTI-EU 2022
- 1. ENISA CTI-EU Conference 2022 Andreas Sfakianakis CTI Professional
- 2. § CTI in Financial, Energy, and Technology sectors § ENISA, FIRST.org, SANS, European Commission § Twitter: @asfakian Mastodon: @asfakian@infosec.exchange § Websites: www.threatintel.eu www.sandgroup.eu tilting at windmills
- 4. Setting the scene Workflow & Case Management Basic Ingredients
- 13. § Tagging § Custom Fields § Easy searching and filtering § Rate your sources § Control access
- 14. Management • Time spent per PIR • CTI assessments per threat type/threat actor • CTI assessments(or time spent) supporting IR • Quantitative feedback received per PIR • Time spent on RFIs per stakeholder Team • Sources mostly used • CTI deliverables per PIR • CTI deliverables per stakeholder • Average time spent per CTI deliverable • CTI analysts’ workload • Time spent on CTI projects
- 17. Some TIPs Recommendation is to live off the land (at least at the start of your journey)
- 18. Remember § Data into buckets § Consistency is key § Spend time to save time
- 19. Request For Information (RFI) Feedback Mechanism
- 21. §A common shortcoming of CTI teams §The importance of workflow and case management §The basic ingredients
- 23. Andreas Sfakianakis @asfakian threatintel.eu / sandgroup.eu Sharing is caring