© 2021 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993, or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Cataloging-in-Publication Data
Names: Moore, Richard O., III, 1971- author.
Title: Cyber intelligence-driven risk : how to build and use cyber intelligence for business risk decisions / by Richard O. Moore III, MSIA, CISSP, CISM.
Description: Hoboken, New Jersey : John Wiley & Sons, [2021] | Includes bibliographical references and index.
Identifiers: LCCN 2020035540 (print) | LCCN 2020035541 (ebook) | ISBN 9781119676843 (cloth) | ISBN 9781119676911 (adobe pdf) | ISBN 9781119676898 (epub)
Subjects: LCSH: Business enterprises—Security measures. | Data protection. | Cyber intelligence (Computer security) | Risk management.
Classification: LCC HD61.5 .M66 2021 (print) | LCC HD61.5 (ebook) | DDC 658.15/5–dc23
LC record available at https://lccn.loc.gov/2020035540
LC ebook record available at https://lccn.loc.gov/2020035541
Cover Design: Wiley
Cover Image: © whiteMocca/Getty Images
Preface
Knowing is different from doing, and therefore theory must never be used as norms for a standard, but merely as aids to judgment.
– Carl von Clausewitz
OVER THE past decade, organizations have continued to acquire technologies and monitoring systems, and have focused technology personnel only on protecting the organization's external perimeters and forgetting simple cyber hygiene. What is missing from many organizations is how cyber intelligence knowledge is leveraged to enhance business risk decision-making processes. This book is a body of work that is consistently evolving to meet new cyber risks, address the lack of cyber-skilled individuals, and provide more efficient processes to enhance the cyber defensive posture of an organization. The CI-DR™ program we will be discussing here is about building or enhancing an “intelligence capability” (i.e. cyber) that is traditionally missing during risk management conversations and business strategies. Where business risk management is a common practice, the cyber intelligence component is emergent in how operational risk can discuss the velocity and impact to business risk management and provide a distinctive outcome regarding strategy. We believe that building the connective tissues of cyber intelligence and business risk management by outlining capabilities and functions into a cohesive program creates significant business value. We call that collection the Cyber Intelligence–Driven Risk (CI-DR™) methodology.
CI-DR is a proven methodology in building cyber programs, as it not only defines the connectivity between functions and capabilities but creates a different view of how cyber information is used, and improves the business risk processes that plague many organizations. The CI-DR program methodology is essential to any sized organization looking to build, enhance, understand, and grow their cyber defensive capabilities and cyber operational risk programs. The CI-DR program framework can provide guidance and direction that will mitigate consistent failures to respond and react appropriately to emerging cyber risks. The CI-DR methodology is designed to provide business leaders with clear information to make decisions and understand the impact a cyber incident can have on the business. A CI-DR program is very different from the traditional application of cyber threat intelligence, which is a subcomponent where technical details are passed from a managed security service provider (MSSP) or a security operations center (SOC) and are used by internal leaders of technology or cybersecurity. A CI-DR program enhances the traditional approach of intelligence, cybersecurity, and risk management by using a collaborative fused program consisting of dedicated intelligence analysts from both the business and cybersecurity disciplines who can turn information into a business risk decision.
CI-DR does not change how traditional business intelligence (BI) operates but provides a framework for cyber intelligence enhancements that benefits current BI functions and provides the intersection with operational risk management. Having each of these capabilities operating as part of the connective tissue ecosystem enhances business decision structures. Terms such as “risk intelligence,” “network intelligence,” and “cyber threat intelligence” have been around since 2008. However, these concepts have not been consistently implemented to harness and leverage the information required for today's business decisions. Excluding some of the Fortune 100 companies, many have done little to adopt cybersecurity risks or cyber intelligence “knowledge” into their business risk management objectives. Those companies continue to focus the majority of budgets on purchasing new technology to try and enhance their security posture, but are consistently finding failure in that process.
This book references and is built on military intelligence lessons learned and processes that have been proven by best practices used for giving military commanders the ability to understand their area of operations and key strategic objectives. The CI-DR program leverages these key concepts and adopts them for business leaders to enhance their business operational risk objectives. This is the first book of a series designed for visionary cyber professionals
