ABSTRACT

STEP 3: Cyber Threats, Vulnerabilities, and Intelligence Analysis discusses threat management within the context of the world economy, the surrounding industry, and the threats specific to an organization. It discusses proper vulnerability management, which allows the organization to limit its exposure to worldwide threats, industry-wide threats, and, most importantly, threats that target the organization itself.

A threat awareness program and proper inter-communication provide organizations with intelligence about what outcomes are possible – not how outcomes will occur. A mature organization will develop a cybersecurity and cyber resilience program that is tailored to the particular threats it faces and use models to guide its threat management program. This chapter discusses types of cyber threat actors, cyber threats, cyberattacks, and threat modeling techniques. It also discusses threat intelligence and threat impact analysis.

This chapter also defines vulnerabilities and presents their main categories, using the Open Web Application Security Project (OWASP) Application Security Vulnerabilities list and asset-related vulnerabilities, as well as the Common Vulnerability Scoring System (CVSS).