CTI Bake-Off: A Recipe for Measuring, Integrating, and Prioritizing a CTI Program 

FIRST
Speaker: Kellyn Wagner Ramsdell (MITRE Engenuity, US)
About Speaker:
Kellyn Wagner Ramsdell is a Cyber Threat Intelligence Analyst at MITRE where she works on a variety of projects supporting and advancing CTI, including supporting the Center for Threat-Informed Defense. She began her career at the Arizona Counter Terrorism Information Center (ACTIC) and the Northern California Regional Intelligence Center (NCRIC) where she produced CTI for critical infrastructure providers and supported criminal investigations for over 100 law enforcement agencies. In that role, she also coordinated a national network of cyber analysts in the United States. Kellyn has a Master's in Security and Intelligence Studies and a Bachelor's in Global Security and Intelligence Studies, Security Operations Management track from Embry-Riddle Aeronautical University, Prescott.
----
Cyber threat intelligence programs must constantly prove their value. Building a measurable CTI program and integrating that program with diverse activities in your organization are two ways to show leadership the value of a CTI program. However, measuring CTI is notoriously difficult, and analysts overwhelmed with threats may struggle to add support for additional business units to their workflows. This presentation will show analysts how to leverage Center for Threat-Informed Defense (Center) projects like ATT&CK Workbench and ATT&CK mappings to NIST 800-53 to directly tie their analysis to their organization’s security program. Analysts will then learn how to use ATT&CK mappings to Common Vulnerabilities and Exposures, the Insider Threat Knowledge Base, and adversary emulation plans to integrate CTI with various other security operations. Integrating and measuring effectiveness alone is not enough, though, so this presentation will close by discussing how to begin prioritizing threats using work like the Sightings Ecosystem and the Top Attack Techniques projects. By leveraging the Center’s suite of open-source tools, CTI analysts can build a well-organized CTI program with clear value.

Published: 15 Nov 2022
