23 September 2026, 15:30–17:30 CEST
Online
45 min · Track: Technical
What is Cyber Threat Intelligence and how does it differ from Cyber Threat Models?
Learning Content
- 1) Intelligence Cycle
- 2) Intelligence Collection Plan (ICP)
- 2.1) Collection Elements of Information
- 2.1.1) Business Parameters
- 2.1.2) Operational Environment
- 2.1.3) Threat-centric Actors / Scenarios
- 2.1.4) Environmental Effects
- 2.1.5) Digital Footprint
- 3) 4 levels of Threat Intelligence
- 4) Threat actor attribution
- 4.1) Why Wizard Spider (CrowdStrike) is not necessarily equivalent to FIN12 (Mandiant), although both are known Ryuk operators
- 5) Intelligence sources
- 6) Cyber Threat Intelligence is the input to Cyber Threat Modeling
- 7) Cyber Threat Models structure and operationalize Cyber Threat Intelligence
- 8) Cyber Threat Intelligence provides evidence-based knowledge about real attackers and their behavior, whereas cyber threat modeling provides structured representations of how attacks could occur within an environment.
Target Audience
- Security Consultants
- Security Analysts
- Security Investigators
- Threat Hunters
- Incident Responders
45 min · Track: Technical
What is the definition of a Cyber Threat Model?
What approaches exist to produce a Cyber Threat Model?
Learning Content
- 1) Definition
- 2) Key elements
- 2.1) Threat actors (who is attacking)
- 2.2) Adversary goals (what they want to achieve)
- 2.3) Capabilities and resources (what they can do)
- 2.4) Attack vectors / paths (how they can attack)
- 2.5) Target assets / system components (what is being attacked)
- 2.6) Consequences (Confidentiality, Integrity, Availability)
- 3) Formalized versus non-formalized Cyber Threat Models
- 4) Asset-centric (STRIDE, CBEST, TIBER-EU, CAPEC)
- 5) System-centric (STRIDE, CBEST, TIBER-EU, CAPEC)
- 6) Threat-centric (MITRE ATT&CK, CBEST, TIBER-EU, CAPEC)
Target Audience
- Security Consultants
- Security Analysts
- Security Investigators
- Threat Hunters
- Incident Responders