Cyber Intelligence-Driven Risk
Description
Turn cyber intelligence into meaningful business decisions and reduce losses from cyber events
Cyber Intelligence-Driven Risk provides a solution to one of the most pressing issues that executives and risk managers face: How can we weave information security into our business decisions to minimize overall business risk?
In today's complex digital landscape, business decisions and cyber event responses have implications for information security that high-level actors may be unable to foresee. What we need is a cybersecurity command center capable of delivering, not just data, but concise, meaningful interpretations that allow us to make informed decisions.
Building, buying, or outsourcing a CI-DR™ program is the answer. In his work with executives at leading financial organizations and with the U.S. military, author Richard O. Moore III has tested and proven this next-level approach to Intelligence and Risk. This book is a guide to:
- Building, buying, or outsourcing a cyber intelligence–driven risk program
- Understanding the functional capabilities needed to sustain the program
- Using cyber intelligence to support Enterprise Risk Management
- Reducing loss from cyber events by building new organizational capacities
- Supporting mergers and acquisitions with predictive analytics
Each function of a well-designed cyber intelligence-driven risk program can support informed business decisions in the era of increased complexity and emergent cyber threats.
Preface
Acknowledgments
Introduction
Chapter 1: Objectives of a Cyber Intelligence-Driven Risk Program
Notes
Chapter 2: Importance of Cyber Intelligence for Businesses
Notes
Chapter 3: Military to Commercial Viability of the CI-DR™ Program
Notes
Chapter 4: CI-DR™ Security Program Components
Notes
Chapter 5: Functional Capabilities of the CI-DR™ Program
Notes
Chapter 6: CI-DR™ Key Capability Next-Generation Security Operations Center
Introduction by Kiran Vangaveti – CEO of BluSapphire
Notes
Chapter 7: CI-DR™ Key Capability Cyber Threat Intelligence
Notes
Chapter 8: CI-DR™ Key Capability Forensic Teams
Dr. Steven Johnson
Notes
Chapter 9: CI-DR™ Key Capability Vulnerability Management Teams
By Derek Olson
Notes
Chapter 10: CI-DR™ Key Capability Incident Response Teams
By Dr. Steven Johnson
Notes
Chapter 11: CI-DR™ Collection Components
Notes
Chapter 12: CI-DR™ Stakeholders
By Steve Dufour, CEO
Notes
Conclusion
Glossary
About the Author and Chapter Authors
Index
RICHARD O. MOORE III, MSIA, CISSP, CISM, is founder and CEO of CyberSix, a consultancy that provides executive cyber leadership. Previously, Moore served in top Intelligence and Risk roles at Alvarez and Marsal, New York Life Insurance Company, KPMG, and the Royal Bank of Scotland. He also spent 15 years with the U.S. Marine Corps Intelligence Community.
Organizations continue to lament outsized losses from cyber threats, despite leaps-and-bounds advances in cybersecurity and cyber intelligence operations. Additional security expenditure rarely makes a significant dent in these losses. The problem is a significant disconnect between information security and business decision making. Our information security programs provide us with detailed data, predictions, and incident response programs, but we have failed to build the capacity to translate this knowledge into meaning that we can apply to assess the business risk of various courses of action.
Faced with the knowledge that a malicious entity plans to attack an organization at a particular time, many decision makers would opt to stop the attack. But what if the attack will be short-lived, ultimately costing the business less than it would cost to prevent the attack? How many cybersecurity reports are accounting for the opportunity cost of lost customers? What's the true business impact of the mitigation effort if similar attacks continue to happen in the future? Cyber Intelligence-Driven Risk details how to build such complex questions of cost-benefit and risk analysis into cyber risk analysis programs, so any leader can make informed cybersecurity decisions.
As the digital world becomes more complex and more essential to business, it is imperative that C-suite executives and risk managers operate from a nuanced understanding of all avenues available. Today's organizations need personnel who can synthesize information in a way that enables correct action from a business risk perspective. This book is a unique manual for developing this imperative capacity.
PUBLISHER: Wiley
ISBN-13: 9781119676843
BINDING: Hardback
BISAC: COMPUTERS
BOOK DIMENSIONS: 157.50(W) x 231.10(H) x 25.40(D)
AUDIENCE TYPE: General/Adult
LANGUAGE: English