Intelligence-led testing

Question 1

Describe Intelligence-led Security Testing

Answer 1

Understanding the range of scenarios in which threat intelligence can be used within an organisation.

Question 2

Importance of Intelligence-led Testing

Answer 2

Helps organisations understand the threat they face and ensures they are defending themselves against threats specific to them.

Question 3

Purpose of Intelligence-led Testing

Answer 3

Understand the threat to protect yourself from it.

Question 4

CTI Component in Testing Frameworks

Answer 4

Ensures organisations are tested on their ability to prevent, detect and respond to realistic, contemporary and accurate attacks.

Question 5

What is CBEST?

Answer 5

Part of the Bank of England and PRA’s toolkit to assess cyber resilience of firms’ important business services.

Question 6

What is TIBER-NL?

Answer 6

Threat Intelligence Based Ethical Red-teaming for the Dutch financial sector.

Question 7

TBEST

Answer 7

Framework for the UK telecoms sector.

Question 8

TIBER-EU

Answer 8

Framework for the European financial sector.

Question 9

iCAST

Answer 9

Intelligence-led Cyber Attack Simulation Testing for Hong Kong’s financial sector.

Question 10

GBEST

Answer 10

Framework for UK government departments.

Question 11

ATTEST

Answer 11

Framework for the UK aviation industry.

Question 12

Risk Formula

Answer 12

Risk = Vulnerability x Threat x Impact.

Question 13

Definition of Threat

Answer 13

The intent and capability of an adversary to target an asset.

Question 14

Threat Understanding

Answer 14

Organisations need to know who is likely to target what assets, where, when, how and why to defend themselves.

Question 15

Risk Assessment

Answer 15

Combine threat understanding with cyber defence maturity to calculate likelihood of an incident.

Question 16

Risk Score

Answer 16

Likelihood X Impact.