CREST, a not-for-profit accreditation and certification body for the technical security industry, has developed a maturity assessment tool for cyber threat intelligence (CTI) programmes.
The tool is free and will help organisations to predict, prepare for, detect and respond to potential attacks through more effective CTI programmes.
The new Cyber Threat Intelligence Maturity Assessment Tool provides continuous and effective analysis of a CTI programme in terms of people, processes and technology and supports the adoption of a systematic, structured approach to intelligence gathering, the body says.
The tool was developed by the CREST Threat Intelligence Professionals (CTIPs) group as well as through the support of its members, industry bodies and suppliers of expert technical security services.
It is based on the 18 steps within the four-phase CTI capability programme presented in the CREST CTI Management Guide.
According to CREST, as various private and public sector organisations need different levels of CTI maturity, the tool reviews maturity against actual requirements and compares it with similar entities.
While organisations with a mature CTI programme may manage most of their operations in-house, those who are less mature may depend entirely on third parties.
In addition, a weighting factor can be set to give the results for particular steps more importance than others. The selected levels of maturity are displayed graphically for each of the four phases and overall, with calculations that take account of both the level of maturity selected for each step and the given weighting.
Ian Glover, president of CREST, says for many organisations, threat intelligence is a relatively new but increasingly critical tool in the battle against cyber crime.
“It is vital that those responsible for CTI programmes can measure the maturity and effectiveness of their programmes against standardised metrics relevant to both their business and the level of threat.”
He says by offering a free and easy-to-use tool, CREST aims to raise awareness and remove barriers to improving the cyber security posture for businesses of any type or size.
“It has already been reviewed and is in the process of being adopted by regulators across Europe as a way of obtaining key performance indicators for their regulated organisations.”
To download the tool, click here.
Share