Threat Intelligence and Detection
Monitor intelligence-gathering and anticipate potential threats to an ICT system proactively. This involves the pre-emptive analysis of potential perpetrators and anomalous activities, and evidence-based knowledge of and inferences about perpetrators' motivations and tactics.
Type: Functional
Competency Area: Design and Architecture

Levels:
Install security applications and interpret logs to detect anomalous activity, intrusions and threats
  - Install security applications and appliances for detecting intrusions and guarding against attacks
  - Monitor access control mechanisms, network activities and operating systems
  - Interpret information from logs and scanners to detect threats and intrusion attempts
  - Apply detection technologies, checks and techniques to identify anomalous activity and patterns
  - Recognise indicators of attacks during the detection process
  - Follow up with relevant parties on any security threats or intrusions detected
Use technologies, methods and tradecraft to retrieve and organise threat data or information
  - Identify vulnerabilities, potential exploits, methods, motives and capabilities
  - Identify resources and technologies required for intrusion detection according to technical and cost guidelines
  - Implement intrusion detection and analysis based on key objectives and stakeholders' requirements
  - Analyse collected information to identify vulnerabilities and potential for exploitation
  - Review multiple sources of data and intelligence feeds
  - Conduct intelligence analysis of cyber activities to identify entities of interest, potential methods, motives and capabilities
  - Present contextual information that places cyber attacks in their wider context
  - Integrate information to support the creation of internal cyber threat intelligence products
Develop strategies to monitor threats and project future technical cyber threat scenarios, and present reports to key stakeholders
  - Develop strategies for threat monitoring and tracking efforts across enterprise systems
  - Perform advanced trend, pattern and statistical analysis to project future technical cyber threat scenarios
  - Synthesise multiple information sources and analysis reports into a holistic view of potential threats
  - Draw insights about the potential impact of estimated cyber threat scenarios
  - Develop mission reports and threat intelligence products so as to present analysis of threat data to key stakeholders
  - Lead a comprehensive evaluation of the capabilities and activities of cyber criminals, foreign intelligence entities or other perpetrators
  - Conduct in-depth research into cyber security issues of industry-wide or nation-wide significance
  - Produce findings to help initiate or support law enforcement and counterintelligence investigations or activities
Establish a threat intelligence strategy and direct analysis and integration across various sources
  - Develop an overarching threat intelligence strategy
  - Manage the research, analysis and data integration across a wide variety of information sources
  - Determine the tactics, techniques and procedures used for intrusions and attacks
  - Present an informed and robust point of view on both current and anticipated threats, perpetrators, motivations, doctrine and modus operandi
  - Articulate the significance of evolving cyber security threats to critical decision-makers and senior management in the organisation
  - Present policy recommendations and impact assessments to critical industry stakeholders and leaders
Anticipate evolving trends and threats in the operating environment, and redefine threat intelligence strategies
  - Chart direction to anticipate trends, changes and evolution of cybersecurity threats in the operating environment
  - Redefine threat intelligence strategy in anticipation of the evolving operating environment
  - Employ new methodologies and tactics to anticipate and detect threats