Leaders at all levels need to understand the importance and support the integration of operations and security through building a cyber intelligence capability/program. To better understand how a cyber intelligence program can be thought of at the strategic level, we've introduced OPSEC and its importance in how we can take a high-level view of our organization and secure it using its five steps:
- Identification of critical information
- Analysis of threats
- Analysis of vulnerabilities
- Assessment of risks
- Application of appropriate countermeasures
In this chapter, we've also provided examples of roles and responsibilities at each level that help support a cyber intelligence program. With the help of IT operations and IT security, the cyber intelligence capability provides support, utilizing top level requirements for collection, analysis, and dissemination. We've reviewed a high level Capability Maturity Model where each item on each level should answer the following:
- Do we have the capability of doing this?
- Why is this important?
- What are our challenges?
- Who are our stakeholders and how will we communicate?
- When do we need this?
In the next chapter, we will be discussing how IT managers, SOC managers, and service managers can support the cyber intelligence program/capability in the organization by covering the tenets of active defense and its application from a tactical level.