What does it take to successfully apply the process of intelligence to the field of cyber security?
Or perhaps we need to consider what happens when our efforts don’t produce the outcomes we seek. What really needs to happen?
John Boling has some ideas. John recently shared his insights in Do we really need higher education to solve our perceived and actual security needs? Since that piece got people talking, I reached out to see if he wanted to step up and try out my new Security Slapshot series … and he stepped up to take a shot.
John Boling (@CySocSci) is a security veteran who followed his own path to success. Currently working as a Senior Security Consultant, he started on the front lines supporting MS-DOS and Windows before completing degrees from the University of North Carolina at Charlotte and the National Intelligence University. A conforming contradiction, he boldly blends business, technology, and social science to understand security threats.
Here’s his Security Slapshot on applying intelligence to security:
SLAPSHOT: Intelligence is NOT failing because of data or people, but from a lack of direction.
How do you get to a destination without knowing where you are going?
You can have the best maps and algorithms, but without knowing the desired destination how does a path emerge? As a result, many programs meander. Sometimes, an adequate destination appears, however many times it does not.
The reference model for the intelligence process is found in the US Department of Defense publication Joint Intelligence (JP 2-0). Much like the OSI Reference Model for networking, this represents the core understanding an intelligence professional should hold. While variances occur, all start with some sort of requirement, followed by collecting and processing data such that it can be analyzed, and finish with a reporting mechanism. Each component of this process serves a purpose and needs feedback for refinement.
As a system, the intelligence process often fails from lack of direction.
The solution is discipline to the process. The industry must recognize that intelligence emerges from a system with clear objectives. No mystery exists on processes that develop quality intelligence products, but expectations should be measured. Give your analyst clear direction outlining what questions need answers for the organization. Build data collection and processing engines to support their analysis based on those requirements. I would incorporate the following in any intelligence program:
- JP 2-0: Joint Intelligence
- Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
- The Diamond Model of Intrusion Analysis
- Psychology of Intelligence Analysis
My Take (some color commentary)
I frequently point out the three keys of leadership including articulating the current situation accurately, painting a picture of a better tomorrow to set the direction, and then offering individuals a pathway that elevates and accelerates them.
Seems the proper application of intelligence principles requires a similar focus. In the process, the organization benefits as individuals thrive. The challenge lies in embracing the situation and translating the value of the intelligence process into the picture of a better tomorrow.
The post What security leaders need before applying intelligence to cyber appeared first on McAfee Blogs.