Adopting and integrating cyber-threat intelligence in a commercial organisation
研究一家大型跨国金融公司如何采纳和整合网络威胁情报来应对高级网络攻击,提供了将情报转化为企业安全实践的具体方法。
Cyber-attacks are increasingly perpetrated by organised, sophisticated and persistent entities such as crime syndicates and paramilitary forces. Even commercial firms that fully comply with industry “best practice” cyber security standards cannot cope with military-style cyber-attacks. We posit that the primary reason is the increasing asymmetry between the cyber-offensive capability of attackers and the cyber-defensive capability of commercial organisations. A key avenue to resolve this asymmetry is for organisations to leverage cyber-threat intelligence (CTI) to direct their cyber-defence. How can commercial organisations adopt and integrate CTI to routinely defend their information systems and resources from increasingly advanced cyber-attacks? There is limited know-how on how to package CTI to inform the practices of enterprise-wide stakeholders. This clinical research describes a practitioner-researcher’s experiences in directing a large multinational finance corporation to adopt and integrate CTI to transform cybersecurity-related practice and behaviour. The research contributes practical know-how on the organisational adoption and integration of CTI, enacted through the transformation of cybersecurity practice, and enterprise-wide implementation of a novel solution to package CTI for commercial contexts. The study illustrates the inputs, processes, and outputs in clinical research as a genre of action research.