Threat intelligence and threat assessment

Skill definition

Threat intelligence and threat assessment encompasses evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging concern or risk that has been aggregated, transformed, analysed, interpreted or enriched to provide the necessary context for decision-making processes.

Principles of the skill include: assessing and validating information from several sources on current and potential cyber and information security threats to the business; analysing trends and highlighting information security issues relevant to the organisation, including security analytics for big data; processing, collating and exploiting data, taking into account relevance and reliability to develop and maintain ‘situational awareness’; predicting and prioritising threats to an organisation and their methods of attack; analysing the significance and implication of processed intelligence to identify significant trends, potential threat agents and their capabilities; using human factor analysis in the assessment of threats; using threat intelligence to develop attack trees; and preparing and disseminating intelligence reports, providing threat indicators and warnings.

Awareness

Understands and utilises basic threat principles and concepts

Working

Understands and can explain threat intelligence and threat assessment principles and concepts

Uses prescribed tools and techniques to acquire, validate and analyse threat information from multiple sources

Under direction enriches threat information by providing context, assessing possible implications and summarising the behaviour, capabilities and activities of threat actors

Uses approved techniques to model routine threats, under supervision, to identify common enterprise attack vectors, identify critical organisational functions, and protect organisational assets and goals

Applies knowledge to prioritise remediation of identified vulnerabilities for a single asset or system

Practitioner

Has an advanced understanding of threat intelligence and threat assessment principles and concepts, and leads threat intelligence and assessment activities

Identifies sources of threat information and utilises a variety of techniques, without supervision, to acquire, validate and analyse threat information, enterprise attack vectors, and critical organisational functions from multiple sources. Synthesises and places intelligence in context

Applies expertise and insight to enrich threat information, including understanding the behaviour, capabilities and activities of threat actors and assessing possible implications, prioritising remediation of identified vulnerabilities for multiple systems

Disseminates enriched threat intelligence

Applies threat intelligence to model threats and protects organisational assets and goals, including informing the selection of security controls, developing indicators of compromise, detecting illicit behaviour (including evidence of fraud and crime), providing context for undertaking investigations and responding to events

Directs others in undertaking threat intelligence activities

Expert

Demonstrates a highly advanced understanding of threat principles and concepts. Identifies sources of threat information and selects and, where required, develops techniques to acquire, validate and analyse threat information from multiple sources

Synthesises and places complex intelligence in context, understanding relevance in the context of organisational strategy

Applies, and directs others in the application of, expertise and insight to enrich threat information, including understanding the behaviour, capabilities and activities of threat actors and assessing possible implications

Is responsible for disseminating enriched threat intelligence

Directs and is responsible for the application of threat intelligence to model threats, including sophisticated and complex threats, to protect organisational assets and goals, including informing the selection of security controls, developing indicators of compromise, detecting illicit behaviour (including evidence of fraud and crime), and providing context for undertaking investigations and responding to events

Leads and oversees the threat intelligence function and activities for an organisation

Is responsible for strategy, policy, procedures, guidelines and selection of relevant tools and techniques within the organisation

Advises and influences senior management when required, and influences developments in the field at a national level
