Wednesday, June 22, 2016

Cybersecurity managers must serve as translators from technology to business and back

The two sentences on the slide are gibberish. However, when you speak with someone deeply immersed in the Threat Intelligence, (TI), world they tend to talk a lot like that. 

TI people, you have a responsibility to communicate in English. TI people, you have a responsibility to communicate in English. In a course that I will be teaching in Boston, Management 512, Security Leadership Essentials for Managers, we point out cybersecurity managers must serve as translators. Therefore, we need to take the time to learn some of the TI terminology. A primer ensues with links for further information.

The TI infrastructure is largely made up of three specifications. Cyber Observable Expression (CybOX) - events that are observed. Trusted Automated Exchange of Indicator Information (TAXII) - specification for sharing information. Structured Threat Information Expression (STIX) - an encoding language. The best site I was able to find is SecurityIntelligence, so take a moment to read and get up to speed.

Collaborative Research Into Threats, (CRITS), and the Malware Information Sharing Platform, (MISP) are open source analysis and collaboration tools. Soltra Edge is free for a basic license, there are "enterprise membership" offerings as well which include support.

JSON is a sane way of working with Javascript.  Python is quickly becoming the preferred language of cybersecurity. If you end up working with a TI Application Programming Interface, it will almost certainly be constructed with one of these languages.

Traffic Light Protocol, (TLP), is a guideline for what can be shared with whom. My favorite writeup is the Solutionary "Fight Club" post.

And this is all I know. If you read this blog post and have an insight to share please leave a comment. We might end up with stone soup  yet.

No comments:

Post a Comment