This article provides additional information on how you can meet the requirement for the CAF control A2.b Understanding Threat.
Threat intelligence has become a key requirement of any cyber security strategy. Understanding the capabilities, methods and techniques of threat actors is imperative to identifying how they may compromise your information systems.
Identification of threats
- Monitor or subscribe to credible sources of threat intelligence such as BleepingComputer, NCSC and CISA. Take a look at this help article for setting up an RSS feed for BleepingComputer.
- Applications and infrastructure should be regularly scanned for vulnerabilities and misconfigurations using approved tools.
Analysis of threats
- Have a documented process for analysing threats and assessing priority for necessary actions. It should be a consistent and repeatable process.
- Assign an owner to manage the threat intelligence process.
Management of threat risk
- Vulnerabilities identified via scanning should be prioritised based on severity and remediated within timeframes appropriate to their risk level, with progress tracked through an established workflow.
- For threats that pose longer-term or systemic risks:
  - add the risk to the risk register within Adoptech,
  - assign a treatment program according to the criticality, applying the necessary controls.
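
One way to track the severity-based remediation timeframes for scan findings described above, as an added example rather than Adoptech's own code or policy. The remediation windows in `SLA_DAYS`, the `Finding` fields and the sample findings are assumptions constructed for illustration; set the windows from your own documented process.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed remediation windows (days) per severity; replace with your policy.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

@dataclass
class Finding:
    ident: str                    # scanner finding id (constructed)
    asset: str
    severity: str
    found: date
    fixed: Optional[date] = None  # None while remediation is outstanding

    def __post_init__(self):
        self.severity = self.severity.lower()
        if self.severity not in SLA_DAYS:
            raise ValueError(f"unknown severity: {self.severity!r}")

def due_date(f: Finding) -> date:
    """Date by which the finding must be remediated under SLA_DAYS."""
    return f.found + timedelta(days=SLA_DAYS[f.severity])

def status(f: Finding, today: date) -> str:
    """Workflow state: closed, closed-late, overdue or open."""
    if f.fixed is not None:
        return "closed-late" if f.fixed > due_date(f) else "closed"
    return "overdue" if today > due_date(f) else "open"

def work_queue(findings, today: date):
    """Outstanding findings: overdue first, then severity, then due date."""
    outstanding = [f for f in findings if f.fixed is None]
    return sorted(outstanding, key=lambda f: (
        status(f, today) != "overdue", RANK[f.severity], due_date(f)))

# Constructed sample findings, as a scanner export might list them.
FINDINGS = [
    Finding("F-001", "web-01", "Critical", date(2024, 3, 1)),
    Finding("F-002", "db-01", "High", date(2024, 2, 1)),
    Finding("F-003", "web-01", "Medium", date(2024, 1, 10), date(2024, 2, 1)),
    Finding("F-004", "vpn-gw", "Low", date(2023, 6, 1)),
    Finding("F-005", "mail-01", "High", date(2024, 3, 5)),
]

if __name__ == "__main__":
    today = date(2024, 3, 10)  # fixed date so the output is repeatable
    for f in work_queue(FINDINGS, today):
        print(f.ident, f.asset, f.severity, due_date(f), status(f, today))
```
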