Applying the National Intelligence Process to Information Security

Cory Bowline

Share this Project

The “Intelligence” approach to information security is growing in popularity, but many are still struggling to define what this means to their own processes. Red Canary has drawn upon the time-tested and well-defined procedures followed by practitioners of secret intelligence – spies, satellites, drones, etc. – in order to explain how to build and manage an intelligence process that will effectively inform corporate decision-makers in the most focused way possible. The following points are from a Red Canary whitepaper: Applying the National Intelligence Process to Information Security.

Identify Intelligence Requirements

Without properly addressing this first important step, the rest of the process will be flawed and inefficient. Comprehensively answering questions about your organization, objectives, and stakeholders will greatly improve the quality of any intelligence process.

Identify Intelligence Priorities

This involves “racking-and-stacking” the requirements according to the priority in your specific business environment. You certainly want to prevent a breach if possible, but would you respond to a breach by an insider with a different priority than by an outsider?

Curate Sources

Determine what sources of information will best inform you according to the priorities identified above. There are four essential attributes you must consider for any intelligence source:

  • Trustworthiness: Identify whether you feel your sources may mislead you, either intentionally or unintentionally?
  • Accuracy: This can rarely be tested in advance. Tracking the historical accuracy of any source – human or electronic – is critical for long-term success of an intelligence-enabled process.
  • Reliability: If you plan to draw on sources from the security underground or rely on a third-party, you need to understand what kind of timeframe a source will respond in.
  • Relevancy: The practical value and cost effectiveness of each intelligence source will vary based on the type of question you plan to answer with the data.

Apply Processes to Turn Data into Intelligence

Intelligence helps inform decision-making. It is built up over time and with considerable effort, using data to form information, and then analytical processes to form intelligence.

Communicate the Resulting Intelligence

Perhaps the simplest step, this is conveying the finished intelligence product to the intended audience, at the appropriate level of detail – but without losing any meaning that could impact the decision-making process.

Examine the Usefulness of Your Intelligence

If the conveyed message does not answer the questions needed to make decisions, the intelligence process has failed. Intelligence is meant to be informative, not instructional.

It is important to understand that a strong intelligence capability does not guarantee immunity from adverse security events. Rather, a strong security posture based on sound intelligence will reduce the number and severity of such events by providing you with strategic warnings.

Read the full whitepaper: Applying the National Intelligence Process to Information Security