News, products, vendors, threats, training and publications for cloud and cyber security.
Security Software & Equipment Store
Monday, March 21, 2016
SAN's General Model for Information Technology Security Evaluation
Developing a detailed threat
profile, provides organizations with a clear illustration of the threats that
they face, and enables them to implement a proactive incident management program that
focuses on the threat component of risk. Organizations are facing new types
of advanced persistent threat (APT) scenarios that existing risk management programs
are not able to evaluate completely and incident management programs are not able to
defend against. This paper provides information about how to expand existing risk
management models to better illustrate APTs and provides a framework on how to
gather threat related information so that detailed threat profiles that include APTs can be
developed for organizations. These threat profiles can be used by an organization’s risk management team to record information about threat actors,scenarios, and campaigns that may have been launched against them. The threat profiles will provide incident management teams with threat intelligence information that they can use to analyze individual
threat scenarios or threat scenario campaigns and enable them to anticipate and
mitigate future attacks based on this detailed knowledge about the threats. Share your comments on the APT General Model for IT Evaluation with us here at the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/
No comments:
Post a Comment