Cyber Intelligence-Driven Risk How to Build and Use Cyber Intelligence for Business Risk Decisions

Turn cyber intelligence into meaningful business decisions and reduce losses from cyber events

Cyber Intelligence-Driven Risk provides a solution to one of the most pressing issues that executives and risk managers face: How can we weave information security into our business decisions to minimize overall business risk?

In today's complex digital landscape, business decisions and cyber event responses have implications for information security that high-level actors may be unable to foresee. What we need is a cybersecurity command center capable of delivering, not just data, but concise, meaningful interpretations that allow us to make informed decisions.

Building, buying, or outsourcing a CI-DR™ program is the answer. In his work with executives at leading financial organizations and with the U.S. military, author Richard O. Moore III has tested and proven this next-level approach to Intelligence and Risk. This book is a guide to:

• Building, buying, or outsourcing a cyber intelligence–driven risk program
• Understanding the functional capabilities needed to sustain the program
• Using cyber intelligence to support Enterprise Risk Management
• Reducing loss from cyber events by building new organizational capacities
• Supporting mergers and acquisitions with predictive analytics

Each function of a well-designed cyber intelligence-driven risk program can support informed business decisions in the era of increased complexity and emergent cyber threats.

RICHARD O. MOORE III, MSIA, CISSP, CISM, is founder and CEO of CyberSix, a consultancy that provides executive cyber leadership. Previously, Moore served in top Intelligence and Risk roles at Alvarez and Marsal, New York Life Insurance Company, KPMG, and the Royal Bank of Scotland. He also spent 15 years with the U.S. Marine Corps Intelligence Community.

Cyber Intelligence Driven Risk     1

Acknowledgements        4

Foreword            6

Notes    6

Introduction       8

Notes    9

Objectives of a Cyber Intelligence-Driven Risk program   11

Notes    13

Importance of Intelligence for Businesses             15

Military to Commercial Viability of the CI-DR™ Program  21

Notes    26

CI-DR™ Security Program Components   27

Notes    35

Functional capabilities of the program    37

Notes    47

CI-DR™ Key Component Next-Generation Security Operations Center      48

Notes    51

CI-DR™ Key Component Cyber Threat Intelligence             52

CI-DR™ Key Component Forensic teams – Dr. Steven Johnson      55

Notes    65

CI-DR™ Key Component Vulnerability Management teams – Derek Olson               66

Notes    77

CI-DR™ Key Component Incident Response Teams – Dr. Steven Johnson 78

Notes    90

Security Testing teams   91

CI-DR™ Collection Components 92

Notes    93

CI-DR™ Stake Holders     94

Conclusion          97

Bibliography       99

About the Author and Chapter Authors  100

Richard O. Moore III, MSIA, CISSP, CISM The Author and Editor    100

Steven Johnson, DSc., CISM, CISSP, CCE #1463     100

Derek Olson, CISSP, CISM             101

Glossary               102

Index

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.