We started with the risk management assessment and it was my worst assessment yet, with two answers wrong. A bit upsetting but something to work on for next week’s final assessment.
This week will be focused on threat intelligence.
Threat Intelligence is evidence-based knowledge about adversaries, including their indicators, tactics, motivations, and actionable advice against them.
These are the Threat Intelligence Classifications:
Strategic Intelligence: High-level insights that inform leadership decisions and long-term security strategies.
Technical Intelligence: Data on specific artifacts such as IPs, domains, and file hashes.
Tactical Intelligence: Information on adversary TTPs (Tactics, Techniques, and Procedures) used during attacks.
Operational Intelligence: Real-time intelligence on active threats, including who is attacking and why.
I learned about the CTI lifecycle, which follows a six-phase cycle:
Planning and Direction – Define goals and what intelligence is needed.
Collection – Gather relevant data from various sources.
Processing – Organize and filter raw data into usable information.
Analysis – Make sense of the data to identify patterns and insights.
Dissemination – Share the intelligence with stakeholders who need it.
Feedback – Evaluate the usefulness of the intelligence and refine the process.
In the afternoon, we explored several Threat Intelligence tools. I found Cisco Talos particularly interesting; it’s a threat intelligence platform offering insights into global cyber threats, backed by Cisco’s network data.
Today wasn’t one of my best days, but after class I got together with my classmate, bro Adedayo, and I helped him with a Splunk room, which was actually also great for me to do some revision.
