Setting Your CTI Process In Motion - ENISA CTI-EU 2022
•
3 likes•1,542 views
This presentation is all about how CTI teams can put their CTI Process in Motion. The presentation took place on 7th December 2022 at ENISA CTI-EU 2022 Conference in Brussels.
Report
Share
Setting Your CTI Process In Motion - ENISA CTI-EU 2022
- 1. ENISA CTI-EU Conference 2022 Andreas Sfakianakis CTI Professional
- 2. § CTI in Financial, Energy, and Technology sectors § ENISA, FIRST.org, SANS, European Commission § Twitter: @asfakian Mastodon: @asfakian@infosec.exchange § Websites: www.threatintel.eu www.sandgroup.eu tilting at windmills
- 4. Setting the scene Workflow & Case Management Basic Ingredients
- 13. § Tagging § Custom Fields § Easy searching and filtering § Rate your sources § Control access
- 14. Management • Time spent per PIR • CTI assessments per threat type/threat actor • CTI assessments(or time spent) supporting IR • Quantitative feedback received per PIR • Time spent on RFIs per stakeholder Team • Sources mostly used • CTI deliverables per PIR • CTI deliverables per stakeholder • Average time spent per CTI deliverable • CTI analysts’ workload • Time spent on CTI projects
- 17. Some TIPs Recommendation is to live off the land (at least at the start of your journey)
- 18. Remember § Data into buckets § Consistency is key § Spend time to save time
- 19. Request For Information (RFI) Feedback Mechanism
- 21. §A common shortcoming of CTI teams §The importance of workflow and case management §The basic ingredients
- 23. Andreas Sfakianakis @asfakian threatintel.eu / sandgroup.eu Sharing is caring