“How to define and build threat intelligence capability”

 Venerdì 15 maggio 2020

dalle ore 15:00, alle ore 17:00

How to define and build threat intelligence capability


Relatore Prof. ing. Claudio Cilli (Recognised international authority in the areas of National Security and Intelligence, company protection, information systems security and compliance, with over 25 years of experience. Adjunct Professor at Rome University. CIA, CISA, CISM, CGEIT, CRISC, CISSP, CSSLP, HCISPP, M.Inst.ISP. President of the ISACA Rome (Italy) Chapter)


What is “threat intelligence”? A term overused and ill-defined! What is required to create a true threat intelligence capability, and how does this relate to the nirvana of cyber situational awareness?

During this talk, we will: Define “threat intelligence”, distinguishing between threat data and how this can be processed into “intelligence”. Discuss some of the data sources (open and closed networks), how organisations are beginning to share more data, and the benefits of incorporating threat data into correlation systems. Explain why data must first be contextualised and ranked before it becomes “intelligence”. Argue why this is difficult to automate effectively, and the role your security staff have in operationalising the output. Continue to describe the term “cyber situational awareness”, referencing literature and movies in a fun way to explain how this is achieved and why it is important. Show how this enables organisations to achieve an almost unconscious heightened level of security preparedness.

  • Understanding the requirements for threat intelligence
  • Providing a template for a security organisation wishing to create an intelligence function
  • How to progress towards “cyber situational awareness”

Articulate the need for careful investment in staff, not just technology, in order to benefit from threat data.