disclosure
statement
 

Threat analysis

Develop and disseminate practical information about current and potential security threats to the success or integrity of the organization.

Methodological Guidelines:

Activities may include, but are not limited to:

Collecting data from a variety of open or proprietary intelligence sources

Processing and classifying threat data to make it useful and actionable for others packaging the data for use by users of the information

Enabling security tools to use the data automatically

Providing threat information to help others reduce vulnerabilities or respond to security incidents.

Threat analysis: level 2

Participates in routine threat intelligence tasks. Monitors and detects potential security threats and escalates them according to appropriate procedures and standards.

Threat Analysis: level 3.

Performs routine threat intelligence collection tasks. Converts collected information into a data format that can be used for operational security activities. Cleans and converts quantitative information into consistent formats.

Threat analysis: level 4.

Collects and analyzes information from various sources necessary to gather operational threat information. Participates in the analysis, ranking, and categorization of qualitative threat intelligence information. Creates threat intelligence reports. Evaluates the value, usefulness, and impact of threat intelligence sources.

Threat Analysis: level 5.

Plans and manages threat intelligence activities. Determines which categories of threats are most significant and what types of information can help protect against them. Analyzes, ranks, and classifies qualitative threat information. Provides expert advice on threat intelligence activities. Directs the preparation and editing of threat intelligence reports that improve the intelligence workflow. Distributes information and receives feedback on the value, usefulness, and impact of the data.

Threat Analysis: level 6.

Determines direction, plans, and directs the organization's approach to threat intelligence, including the use of vendors. Identifies threat intelligence requirements based on the assets to be protected and the types of intelligence that can help protect those assets. Interacts with and influences relevant stakeholders to communicate the results of the intelligence and required responses. Ensures the quality and accuracy of threat intelligence information. Analyzes threat intelligence capabilities.