Does your organization actively use cyber threat intelligence to identify and monitor threat actors and their tactics, techniques, and procedures (TTPs) that are likely to target your business?
Explanation
Cyber threat intelligence (CTI) provides organizations with actionable information about potential adversaries, their capabilities, and methods of operation. By understanding which threat actors are likely to target your organization and their common TTPs, security teams can prioritize defenses against the most relevant threats rather than trying to defend against all possible attacks.
Evidence of fulfillment could include: subscriptions to threat intelligence feeds, documentation of regular threat intelligence briefings, reports showing how threat intelligence has been incorporated into security controls, or a threat intelligence platform with customized dashboards showing threats relevant to your industry and organization.
Implementation Example
Use cyber threat intelligence to maintain awareness of the types of threat actors likely to target the organization and the TTPs they are likely to use
ID: ID.RA-03.156
Context
- Function
  - ID: IDENTIFY
- Category
  - ID.RA: Risk Assessment
- Sub-Category
  - Internal and external threats to the organization are identified and recorded
Related questions
- Does your organization implement vulnerability management tools to detect unpatched software and misconfigurations?
- Does your organization regularly conduct security architecture reviews to identify and remediate design and implementation weaknesses?
- Does your organization conduct security reviews, analysis, or testing of internally developed software to identify vulnerabilities in design, code, and default configurations?
- Has your organization conducted a comprehensive physical security assessment of all facilities housing critical computing assets within the past 12 months?
- Does your organization actively monitor cyber threat intelligence sources for information about new vulnerabilities in your products and services?
- Does your organization regularly conduct vulnerability assessments of business processes and procedures to identify potential cybersecurity weaknesses?

