Contribute to routine threat intelligence tasks
Overview
This standard covers the competences needed to contribute to routine threat intelligence and threat modelling tasks which are carried out by organisations to identify current and potential threats to their business.
To meet this standard, you are required to: have the knowledge, skills and understanding necessary to contribute to threat intelligence and modelling processes; ensure that your work complies with all legal, statutory, industrial and organisational requirements; and follow applicable industry codes of practice. You will be required to work under close supervision and to follow instructions, but you will take responsibility for the quality and accuracy of the threat intelligence work that you carry out.
This type and level of activity is likely to be undertaken by someone whose work role involves cyber security analyst activities that incorporate threat analysis and modelling, for example Junior Security Analysts and Junior Cyber Threat Intelligence Analysts. You will likely work within a team of analysts collecting and documenting information on cyber security threats to the organisation. You will be competent in assisting in sourcing information that identifies potential threats, analysing related trends and highlighting security issues relevant to the organisation.
Your underpinning knowledge of threat intelligence and modelling will enable you to apply the appropriate principles and practices and use these to identify the potential threats to the systems and data in an organisation. Effective threat intelligence involves the comprehensive and continuous collection and analysis of information from the right data sources, originating from both inside and outside an organisation.
Performance criteria
You must be able to:
- use defined external threat intelligence sources to collect data in order to inform organisational threat assessment activities
- carry out threat hunting within internal computer networks using approved procedures to locate undetected threats
- develop threat assessments by following threat intelligence workflows
- identify threats to information systems, networks and data
- respond to requests for threat information required by stakeholders in the required timescales
- perform packet capture analysis to intercept and log network communications to identify new threats
- assist with threat modelling assessments to identify the potential business impacts of new threats to prioritise mitigations
- apply tools and techniques for threat intelligence and threat modelling in line with organisational procedures
- produce required threat intelligence reports, indicators and other associated guidance materials in the required timescales
- assist in disseminating and communicating threat intelligence reports and awareness and warning materials
Knowledge and Understanding
You need to know and understand:
- the nature, characteristics and risks of threats
- the industry standard workflow for intelligence gathering that starts with Human Intelligence (HUMINT), utilises Open Source Intelligence (OSINT), and provides leads for Signals Intelligence (SIGINT)
- the vulnerabilities of a system that may be open to threat actors, including people, devices, networks and databases
- how to identify compromises of confidentiality, integrity or availability of data that result from the successful exploitation of a vulnerability by a threat agent
- the current cyber threats, attack methodologies and threat detection techniques using a wide variety of sources
- why the threat environment requires continual monitoring
- the cyber threat intelligence sources that are available
- how to determine the impact of different threats being realised
- the role of threat agents in initiating deliberate or accidental threats
- the importance of threat intelligence and threat modelling to protecting organisational security
- the required threat modelling tools and how to apply them
- the concepts and processes of threat intelligence and threat modelling and how to apply them
- the steps involved in reviewing and correlating threat intelligence information to determine insights
- the regulatory and legislative requirements, organisational policies and procedures for carrying out threat intelligence and modelling activities
- the approval process for preparing and publishing the results of threat intelligence outcomes