Richard O. Moore, III - Cyber Intelligence-Driven Risk


Turn cyber intelligence into meaningful business decisions and reduce losses from cyber events

Classification: LCC HD61.5 .M66 2021 (print) | LCC HD61.5 (ebook) | DDC 658.15/5–dc23

LC record available at https://lccn.loc.gov/2020035540

LC ebook record available at https://lccn.loc.gov/2020035541

Cover Design: Wiley

Cover Image: © whiteMocca/Getty Images

Preface

Knowing is different from doing, and therefore theory must never be used as norms for a standard, but merely as aids to judgment.

– Carl von Clausewitz

Over the past decade, organizations have continued to acquire technologies and monitoring systems, and have focused technology personnel only on protecting the organization's external perimeters while forgetting simple cyber hygiene. What is missing from many organizations is how cyber intelligence knowledge is leveraged to enhance business risk decision-making processes. This book is a body of work that is consistently evolving to meet new cyber risks, address the lack of cyber-skilled individuals, and provide more efficient processes to enhance the cyber defensive posture of an organization. The CI-DR™ program we will be discussing here is about building or enhancing an “intelligence capability” (i.e. cyber) that is traditionally missing during risk management conversations and business strategies. Where business risk management is a common practice, the cyber intelligence component is emergent in how operational risk can discuss the velocity and impact to business risk management and provide a distinctive outcome regarding strategy. We believe that building the connective tissues of cyber intelligence and business risk management by outlining capabilities and functions into a cohesive program creates significant business value. We call that collection the Cyber Intelligence–Driven Risk (CI-DR™) methodology.

CI-DR is a proven methodology in building cyber programs, as it not only defines the connectivity between functions and capabilities but creates a different view of how cyber information is used, and improves the business risk processes that plague many organizations. The CI-DR program methodology is essential to any sized organization looking to build, enhance, understand, and grow their cyber defensive capabilities and cyber operational risk programs. The CI-DR program framework can provide guidance and direction that will mitigate consistent failures to respond and react appropriately to emerging cyber risks. The CI-DR methodology is designed to provide business leaders with clear information to make decisions and understand the impact a cyber incident can have on the business. A CI-DR program is very different from the traditional application of cyber threat intelligence, which is a subcomponent where technical details are passed from a managed security service provider (MSSP) or a security operations center (SOC) and are used by internal leaders of technology or cybersecurity. A CI-DR program enhances the traditional approach of intelligence, cybersecurity, and risk management by using a collaborative fused program consisting of dedicated intelligence analysts from both the business and cybersecurity disciplines who can turn information into a business risk decision.

CI-DR does not change how traditional business intelligence (BI) operates but provides a framework for cyber intelligence enhancements that benefits current BI functions and provides the intersection with operational risk management. Having each of these capabilities operating as part of the connective tissue ecosystem enhances business decision structures. Terms such as “risk intelligence,” “network intelligence,” and “cyber threat intelligence” have been around since 2008. However, these concepts have not been consistently implemented to harness and leverage the information required for today's business decisions. Excluding some of the Fortune 100 companies, many have done little to adopt cybersecurity risks or cyber intelligence “knowledge” into their business risk management objectives. Those companies continue to focus the majority of budgets on purchasing new technology to try and enhance their security posture, but are consistently finding failure in that process.

This book references and is built on military intelligence lessons learned and processes that have been proven by best practices used for giving military commanders the ability to understand their area of operations and key strategic objectives. The CI-DR program leverages these key concepts and adopts them for business leaders to enhance their business operational risk objectives. This is the first book of a series designed for visionary cyber professionals striving to develop and improve outdated cyber defense systems and design a future-proof cyber program that contributes to enhanced business risk decision-making. This initial book provides the foundations for the creation of an actionable (i.e. build and use) CI-DR program that can be applied tomorrow to solve the gap between enterprise risk management, security architecture, and the current management of cyber risks in use today. Additionally, this book leaves out specific vendor technology solutions, as we want to focus the reader on how cyber intelligence functions and capabilities can drive better risk decision structures in today's digital age. By mentioning technology solutions we mask the foundational cyber concepts needed to drive decisions to keep up with the velocity of business changes. Additionally, this book can be used by cybersecurity professionals, software architects, mergers-and-acquisitions teams, government “think tanks,” academics, and students looking to help businesses make better choices about risk by building a proper program focused on delivering risk options to the decision-maker.

NOTES

Every industry can benefit by creating or enhancing their business risk management program. Our CI-DR framework provides you, the reader, with the opportunity to build these capabilities, whether internally built, acquired through merger or acquisition, or sourced from the many service providers; this handbook provides the tools and the framework needed to ensure that it is effective. By the end of this book, the reader should understand what functional capabilities are needed to build a CI-DR program; the importance of why the “connective tissue” between the functions and capabilities is so valuable, and how the CI-DR program can be adequately leveraged to assist leaders in making more informed business decisions in the era of increased emergent cyber threats and attacks. Depending on the level of business understanding, the reader will be able to:

Build, buy, or outsource certain functions of the cyber intelligence–driven risk program.

Understand the functional capabilities needed to have an active program.

Turn cyber intelligence “knowledge” into business risk decisions.

Effectively use cyber intelligence to support enterprise and operational risk management programs.

Reduce the impact of cyber events through cyber intelligence “knowledge” for many business operations and not just through purchasing of new technologies.

Leverage a cyber intelligence–driven risk program to support mergers and acquisitions and collect the benefits of predictive cyber intelligence analytics.

Understand how the CI-DR program can reduce loss from cyber events for the organization and provide a proactive cyber defensive posture needed to meet emerging threats.

If this book inspires you to create new technologies, build a company to support these capabilities, or reduce risk and costs to your organization, please drop us a note on social media (@cybersixactual) or send us an email (https://www.cybersix.com); we would love to hear from you.

Acknowledgments

As we come out of the 2020 pandemic, many of us give pause to think about who we are, where we came from, and where we are going. This book would not be possible to complete and keep consistent without the assistance and support of colleagues, students, friends, and contributing authors. I would like to thank the United States Marine Corps for giving me drive, direction, skills, and a brotherhood that has been forged by combat. I would also like to thank SPAWAR (now NAVWAR) for giving me the information security skills to make my career possible. To Norwich University's Graduate MSIA program for providing an education second to none. To Northeastern University and Salve Regina University for providing me the opportunity to give back to the information security community and educate the next generation of cybersecurity professionals. I also want to thank those who supported my career growth and provided mentorship throughout my years in the cybersecurity profession. My first mentor and first Chief Information Security Officer (CISO), John Schramm, who was at the time leading the Investor's Bank and Trust Information Security group. John, as a prior US Army Officer, led me to take a position in KPMG's Information Protection group in lieu of rejoining the US government. My second mentor and the CISO who challenged me to succeed is Jim Routh. Jim was the first CISO I worked for who had transformational programs and business objectives tied to moving cyber activities into the forefront of business decisions. My last CISO, who mentored me in patience and helped develop my transformational concepts, is Steve Attias. Steve had been a CISO at New York Life since the declaration of that industry title, and continues to advise companies on cybersecurity programs in his retirement. Finally, to my mentor-friend, Marc Sokol. Marc was the Chief Security Officer at Guardian Life when I was at New York Life but had a good decade of experience in leading an insurance company's cybersecurity programs. Marc was instrumental in my growth, executive experiences, and still assists today where I need additional help or support.
