Understanding & Managing Collection to Support Threat Intelligence Analysis - SANS CTI Summit

  • Published: 7 Jul 2024
  • Fear of missing out when collecting information is very real. Traditional intelligence practitioners often assume that their goal is to gather as much information as possible in order to form a more comprehensive picture of threats, and the same assumption is common in cyber threat intelligence. However, this approach can hamper the accuracy, timeliness, and relevance of analysis. In truth, excessive collection is likely to lead to information overload at both the individual and the institutional level, which results in skewed analysis and assessments. Unfettered and undermanaged collection of raw, exploited, and production data can affect both data-driven and conceptually-driven analysis. It has been shown that an analyst needs only a minimum of information to make an informed judgment. Common issues arising from collection overload include overconfidence (a result of circular reporting or of having too many information sets to evaluate); reinforcement of collection bias; and unchecked collection, which raises the noise-to-signal ratio and can cause analytic paralysis: indecision and an inability to conduct effective structured analysis.
    This presentation proposes best practices to mitigate such issues: producing a realistic collection management framework and sustainable intelligence requirements; starting with a minimal viable collection strategy; collecting what you need and growing it only as needed; conducting source review and evaluation; evaluating exploited and production data via a framework such as an admiralty system; and counting the times a source is used to support an assessment in order to uncover collection bias. Finally, we’ll look at upgrading analysis models as the best way to improve analysis and mitigate issues deriving from over-collection.
    Sherman Chu, Cyber Intelligence Analyst, New York City Cyber Command
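The abstract recommends two concrete controls: grading evaluated reporting with an admiralty system and counting how often a single source is used to support an assessment. The following is an added example in Python (not code from the talk, from SANS, or from New York City Cyber Command) of how those two checks can be applied to a set of evaluated reports. The report records, source names, originator labels and the 50% dependence threshold are all constructed for illustration; the letter and digit meanings follow the NATO Admiralty Code (reliability A–F, credibility 1–6). Circular reporting is approximated here by counting reports that trace back to the same originator, which is a simplification of real source evaluation.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Admiralty (NATO) grading: source reliability letter A-F, information credibility digit 1-6.
RELIABILITY = {"A": "completely reliable", "B": "usually reliable", "C": "fairly reliable",
               "D": "not usually reliable", "E": "unreliable", "F": "reliability cannot be judged"}
CREDIBILITY = {1: "confirmed by other sources", 2: "probably true", 3: "possibly true",
               4: "doubtful", 5: "improbable", 6: "truth cannot be judged"}


@dataclass(frozen=True)
class Report:
    """One piece of evaluated reporting. The field layout is this example's own assumption."""
    report_id: str
    source: str                 # collection source it arrived through (feed, ISAC, IR team, ...)
    origin: str                 # who originated the information; shared origins hint at circular reporting
    grade: str                  # Admiralty code such as "B2"
    supports: Tuple[str, ...]   # assessment ids this report is cited as evidence for


def parse_grade(grade: str) -> Tuple[str, int]:
    """Validate an Admiralty code and split it into (reliability, credibility)."""
    if (len(grade) != 2 or grade[0] not in RELIABILITY
            or not grade[1].isdigit() or int(grade[1]) not in CREDIBILITY):
        raise ValueError(f"not an Admiralty code: {grade!r}")
    return grade[0], int(grade[1])


def evaluate(reports: List[Report], max_source_share: float = 0.5) -> Dict[str, dict]:
    """Per assessment: citation counts, the dominant source, the best grade, and bias flags.

    source_dependence  - one source supplies more than max_source_share of the citations
    circular_reporting - fewer distinct originators than cited reports
    """
    by_assessment: Dict[str, List[Report]] = defaultdict(list)
    for r in reports:
        parse_grade(r.grade)            # fail fast on malformed grades
        for assessment in r.supports:
            by_assessment[assessment].append(r)

    result: Dict[str, dict] = {}
    for assessment, cited in by_assessment.items():
        sources = Counter(r.source for r in cited)
        top_source, top_count = sources.most_common(1)[0]
        top_share = top_count / len(cited)
        distinct_origins = len({r.origin for r in cited})
        # A1 is the strongest grade, so the tuple ordering of (letter, digit) gives the best report first.
        best_grade = min(cited, key=lambda r: parse_grade(r.grade)).grade
        flags = []
        if top_share > max_source_share:
            flags.append("source_dependence")
        if distinct_origins < len(cited):
            flags.append("circular_reporting")
        result[assessment] = {
            "citations": len(cited),
            "distinct_sources": len(sources),
            "distinct_origins": distinct_origins,
            "top_source": top_source,
            "top_share": top_share,
            "best_grade": best_grade,
            "flags": flags,
        }
    return result


# Constructed sample: two assessments, one of them leaning on a single feed that
# re-published the same originator's information twice.
REPORTS = [
    Report("r1", "vendor-feed", "orig-alpha", "B2", ("ASSESS-1",)),
    Report("r2", "vendor-feed", "orig-alpha", "B2", ("ASSESS-1",)),
    Report("r3", "vendor-feed", "orig-beta", "C3", ("ASSESS-1", "ASSESS-2")),
    Report("r4", "isac-share", "orig-gamma", "A1", ("ASSESS-1",)),
    Report("r5", "internal-ir", "orig-delta", "A2", ("ASSESS-2",)),
    Report("r6", "osint-news", "orig-alpha", "D3", ("ASSESS-2",)),
]

if __name__ == "__main__":
    for assessment, info in evaluate(REPORTS).items():
        print(assessment, info)
```

Run as a script, ASSESS-1 is flagged for both source dependence (three of four citations from `vendor-feed`) and circular reporting (two reports sharing `orig-alpha`), while ASSESS-2, with three different sources and three different originators, is not. Tracking the `origin` field separately from `source` is what makes the second check possible; a feed that aggregates other people's reporting otherwise looks like independent corroboration.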

Comments • 6

  • @Ichinin
    @Ichinin 4 years ago +3

    15:10 Good, but the problem is that most organizations have little experience jotting down Intelligence Requirements, especially related to cyber security.

    • @azariahjosiah2123
      @azariahjosiah2123 2 years ago

      You all probably don't give a shit, but does any of you know of a method to log back into an Instagram account?
      I was dumb and lost my password. I would appreciate any help you can offer me!

    • @Ichinin
      @Ichinin 2 years ago +1

      @@azariahjosiah2123 No, I don't give a shit. And I also block.

  • @alnash1208
    @alnash1208 3 years ago

    20:50 - Be very wary of on-the-fly collection. Wow. I wish I had heard this sooner.

    • @youmemeyou
      @youmemeyou 1 year ago

      Can you elaborate? I didn't get it!

    • @usain.y
      @usain.y 1 year ago

      @@youmemeyou same