As a cyber security professional, your job may include analysing the current threat status and making
recommendations for actions based on the intelligence information that you have gathered.
Threat status is the current level of malicious cyber activity and the potential for damage or disruption
to a computer, network or system. Threat status can include information such as the likelihood of
a malware or denial of service attack, whether software needs to be updated or patched, whether
employees need additional training or whether the building premises are secure.
A higher threat status means there is more risk. Each organisation has its own way of labelling the threat
status. Some use a simple traffic lights system of red (high threat), yellow (medium threat) and green
(low threat). Others use more complex systems.
In order to determine the threat status, a process such as threat modelling is used.
Threat modelling is a structured process that is used to identify potential security threats and
vulnerabilities, determine the seriousness of each threat, and make recommendations on what areas to
prioritise in order to reduce the threat of attack and protect an organisation’s resources. There are many
different types of threat modelling processes and tools that are used to determine the threat status and
make recommendations, and they usually involve the following:
- Gathering threat intelligence. Security teams use reliable sources (for example vendor advisories and public vulnerability databases) and OSINT to gather information on threats and vulnerabilities, the tools and techniques that can be used to exploit those vulnerabilities, and the likely motivations of attackers. This information needs to be kept up to date and may also include new detection methods or tools that can be used to counter cyber threats.
- Maintaining an asset inventory. Cyber security teams keep an up-to-date database of the computers, devices, software, networks and systems in use in an organisation, including the versions that are installed. This lets them match each asset against known vulnerabilities, such as software that has a flaw and needs a security patch. It also helps them to detect unauthorised changes, for example by raising an alert when software is installed on a device without authorisation. An inventory is only as useful as it is accurate, so it must be refreshed whenever assets are added, changed or retired.
- Assessing mitigation capabilities. This step collects information about the technology an organisation uses to protect against, detect and respond to particular types of threat, and about the organisation's security processes. The security team can then decide whether more resources are needed to counter likely threats. For example, if the team learns of a type of malware that can get past their current firewall, they may decide to upgrade or reconfigure it.
- Assessing risk. This part of threat modelling combines the likelihood and impact of threats to the organisation's assets with the organisation's mitigation capabilities, to determine how likely a particular type of attack is to succeed and how much damage it would cause. The security team can then develop a prioritised plan for addressing the vulnerabilities. Risk assessments can also involve testing both systems and security solutions, for example using penetration testing to find out whether existing security measures actually stop the attacks they are meant to stop.
- Threat mapping. Threat mapping follows the potential path of a threat through an organisation's systems. It models how attackers might move from one resource to the next (for example from an internet-facing server to an internal application and then to a database) and helps security teams to identify weak areas and anticipate where stronger defences, or more training, may be needed.
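The following is an added worked example, not code from the original text. It runs the five steps above, and the recommendation step that follows, over a small constructed environment: an intelligence feed of known-vulnerable software versions, an asset inventory with an approved-software list, a table of mitigating controls, a risk score per host rated with the traffic-light scheme, a threat map of attack paths from internet-facing hosts to a sensitive asset, and a list of recommended actions. Every host name, product, version, severity, control effect and threshold is an assumption made for illustration.

```python
"""Worked threat-modelling pass over a constructed, hypothetical environment.

Steps mirror the text: 1 gather intelligence, 2 inventory assets, 3 record
mitigation capabilities, 4 assess risk and rate it red/yellow/green, 5 map the
attacker's path through the systems, then 6 produce recommendations.
Host names, products, versions, severities and thresholds are all assumed.
"""

# 1. Threat intelligence (constructed): (product, version) -> known flaw and 0-10 severity
THREAT_INTEL = {
    ("webserver", "2.4.1"): {"id": "FLAW-1", "severity": 9.0},  # remote code execution
    ("appserver", "1.0"):   {"id": "FLAW-2", "severity": 5.0},  # privilege escalation
    ("dbserver", "5.7"):    {"id": "FLAW-3", "severity": 7.0},  # authentication bypass
}

# 2. Asset inventory (constructed): what runs where, exposure and business value (1-10)
INVENTORY = {
    "web01": {"software": {"webserver": "2.4.1"}, "internet_facing": True, "value": 4},
    "app01": {"software": {"appserver": "1.0", "filetransfer": "0.9"}, "internet_facing": False, "value": 5},
    "db01":  {"software": {"dbserver": "5.7"}, "internet_facing": False, "value": 10},
}
APPROVED_SOFTWARE = {"webserver", "appserver", "dbserver"}  # change-control list (assumed)

# 3. Mitigation capabilities (constructed): controls per host and how much each cuts likelihood
CONTROLS = {"web01": {"waf"}, "app01": {"edr", "mfa"}, "db01": set()}
CONTROL_EFFECT = {"waf": 0.3, "edr": 0.4, "mfa": 0.3}

# Network reachability (constructed), used for threat mapping: host -> hosts it can reach
NETWORK = {"web01": ["app01"], "app01": ["db01"], "db01": []}


def unauthorised_software(inventory=INVENTORY, approved=APPROVED_SOFTWARE):
    """Inventory check: software present on a host but absent from the approved list."""
    return sorted((h, p) for h, a in inventory.items() for p in a["software"] if p not in approved)


def known_vulnerabilities(inventory=INVENTORY, intel=THREAT_INTEL):
    """Match each host's installed software versions against the intelligence feed."""
    return {h: [intel[(p, v)] for p, v in a["software"].items() if (p, v) in intel]
            for h, a in inventory.items()}


def likelihood(host):
    """Chance an attack on the host succeeds: worst known flaw, reduced by each control."""
    vulns = known_vulnerabilities()[host]
    if not vulns:
        return 0.05  # no known flaw: small residual likelihood (assumed)
    p = max(v["severity"] for v in vulns) / 10.0
    for control in CONTROLS.get(host, ()):
        p *= 1.0 - CONTROL_EFFECT.get(control, 0.0)
    return round(p, 3)


def risk_score(host):
    """Risk = likelihood of a successful attack x value of the asset."""
    return round(likelihood(host) * INVENTORY[host]["value"], 3)


def threat_status(score):
    """Traffic-light label as in the text; the thresholds are an assumption of this example."""
    return "red" if score >= 5.0 else "yellow" if score >= 2.0 else "green"


def attack_paths(start, target, exploitable, path=()):
    """Threat mapping: every route from start to target that passes only through exploitable hosts."""
    path = path + (start,)
    if start == target:
        return [list(path)]
    found = []
    for nxt in NETWORK.get(start, []):
        if nxt in exploitable and nxt not in path:
            found.extend(attack_paths(nxt, target, exploitable, path))
    return found


def threat_map(target):
    """Paths an attacker could take from any exploitable internet-facing host to the target asset."""
    exploitable = {h for h, v in known_vulnerabilities().items() if v}
    return [p for h, a in INVENTORY.items() if a["internet_facing"] and h in exploitable
            for p in attack_paths(h, target, exploitable)]


def assess():
    """Per-host risk, the organisation-wide threat status (worst host) and recommendations."""
    order = {"green": 0, "yellow": 1, "red": 2}
    report = {}
    for host in INVENTORY:
        score = risk_score(host)
        status = threat_status(score)
        actions = []
        if status == "red":
            actions.append("patch or isolate immediately")
        elif status == "yellow":
            actions.append("schedule patch; add compensating control")
        if not CONTROLS.get(host):
            actions.append("deploy detection/response tooling")
        report[host] = {"score": score, "status": status, "actions": actions}
    for host, product in unauthorised_software():
        report[host]["actions"].append(f"remove unauthorised software: {product}")
    overall = max((r["status"] for r in report.values()), key=order.get)
    return overall, report


if __name__ == "__main__":
    overall, report = assess()
    print("Overall threat status:", overall)
    for host, r in report.items():
        print(host, r)
    print("Attack paths to db01:", threat_map("db01"))
```

Run as a script it prints a red overall status driven by the unmitigated database server, a yellow rating for the internet-facing web server whose critical flaw is partly mitigated by the WAF, and a single mapped path web01 -> app01 -> db01. Notice that the threat map still finds the path even though app01 is rated green: mitigations lower the likelihood of each hop but do not remove the route, which is exactly why the mapping step is kept separate from the per-asset risk rating.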
After the risk has been assessed and a threat status is determined, the cyber security professional will
then make recommendations for what actions to take. These could include suggesting new security
procedures, acquiring new security tools, such as anti-malware tools, hiring more security professionals,
conducting testing, such as a vulnerability assessment or vulnerability scan, or providing additional training
for staff. The exact recommendations will depend on the type of threat and the level of threat.