
Implementing a Threat Intel Program is Critical to Cybersecurity

Organizations today are under constant attack from cybercriminals, so developing an effective threat intel program is imperative to defending your organization. The recently published Consortium Networks CISO white paper, The Goal of Threat Intelligence, offers practical advice on the best way to set up your threat intel defense.

The basic steps cover setting clear goals, so you can target the right data set from the vast amount of data available to avoid “over analysis.” Then, you gather input from both your technical and business teams to establish priorities. This is followed by leveraging the knowledge of all stakeholders to identify common perceived and actual threats that currently exist.

Ideally, it’s important to find the right blend of data analysis and cybersecurity expertise. Combining this technical knowledge with business intelligence leads to a synergistic analysis of data that will yield the best results.

Setting up a successful threat intel program requires establishing a repository to hold the data discovered in the fact-finding stage. Ultimately, you need to document rules for classifying and organizing the gathered intel. Then you define how you will share updates, information, and other actionable communication.

As discussed in the CISO white paper, the key to an effective program is being able to deliver easy-to-understand, actionable intelligence to all relevant stakeholders, decision makers, and employees. An actionable threat intelligence program takes time, and it is never finished, since it must be flexible enough to adapt to changes that arise. It’s important to keep the lines of communication open with everyone involved – vendors, peers, decision makers – to be able to correct any missteps that occur along the way.

Join Consortium Networks today to download the full white paper and to receive access to other valuable security technology content.

14, 2017

5 Fundamental Steps for Cyber Security

Every business connected to a network is a data-rich target for cybercriminals. “Ransomware,” a term rarely heard until a few years ago, is now a daily threat. IoT hacking, DDoS attacks, and internal threats are all a reality today as well, so the job of IT security teams is never complete. And as cyber threats and attack methods evolve, so must the way businesses think about IT security.

Michal Zanga, formerly of the Royal Bank of Scotland, stresses that having a cyber security policy document in place is the first step in protecting business data and other digital assets from malicious actors. “You have to start with a policy in place,” says Zanga, “and it has to be comprehensive across the organization.” But the policy is just that: a first step in a series of actions IT teams and businesses must commit to and stay on top of.

The white paper CISO Best Practices: The Starting Point for Cyber Security (available to members of Consortium) is based on the premise that, at some stage, all networks will face attacks that expose flaws in the system. On top of building a stakeholder-approved policy document, the article covers four additional steps IT teams should take to be prepared for when the attack happens. These additional steps include:

  • Assuming you will be breached and developing a response plan.
  • Using external parties to test the system and obtain valuable, independent assessment data on how to strengthen current and future security posture.
  • Addressing the internal and external channels, including those that may come from stakeholders and employees.
  • Planning ahead and instituting a system for promptly addressing ongoing changes.

Join Consortium today to get access to the full article along with other information that will help keep your data, digital assets, and business brand secure.

01, 2017

Developing, Implementing and Maintaining a Data Loss Prevention (DLP) System

A data loss prevention (DLP) program ensures sensitive and critical data is not sent outside the corporate network in an unauthorized manner. Unfortunately, many organizations rely on a software-only approach to monitor and control the flow of data, resulting in large gaps that leave room for internal and external threats to damage business assets. Though technology plays an important role in any effective DLP program, it's only one component. Corporate governance, team resources, and processes also need to be established in order to maximize security within the DLP framework.

Developing a business-wide DLP program requires IT to create and conduct a detailed risk assessment. The results from the risk assessment inform the CISO and other corporate stakeholders on how to proceed in implementing a DLP program. The next step of the risk assessment stage, classification of breaches, requires CISOs to identify the type of incidents that lead to data loss. This stage also identifies which internal and external groups are most likely to trigger a data loss event. The final step for the CISO is to index which departments need to be involved as part of the DLP response plan.

After risk assessment planning, the real work begins. Implementing and monitoring, resolving challenges, DLP program sustainability, and network versus endpoint choices are just some of the challenges CISOs face when keeping corporate data safe.

Join Consortium today to get access to the full Best Practices white paper. Inside, you'll see how one CISO successfully deployed a DLP solution along with the lessons he learned along the way.

Get access to the full article by becoming a member of Consortium today.

CISO Best Practices: Engaging the Board
19, 2017

When board members need to understand information security, risk, and vulnerabilities, they turn to the CIO. However, it’s the CISO who typically has the most up-to-date knowledge on the information-related threats and opportunities facing the organization. With the right preparation, the CISO can engage the board with a streamlined security assessment that balances the need to deliver detailed information with operational outcomes.

In this article, Michael Zanga, former CAO of the Royal Bank of Scotland, uncovers the best practices for engaging the board. These practices include: 

Addressing Budgetary Issues

The CISO needs to convey that the level of security provided is correlated to the IT security budget the board approves. At the same time, the CISO needs to inform the board that total security doesn’t exist no matter the level of the budget approved.

Measuring Security Posture

Operational risk, internal audit, technology risk, and third-party assessments are all measurements the CISO needs to succinctly explain to the board.

Developing Presentation Frameworks

“Boards don’t need a monthly update,” says Zanga. Taking this tip, the CISO needs to develop a presentation framework that gives the board exactly what they need to know. Overloading the board with information only leads to confusion.

Explaining to the Board the Role of the CISO

Board members may have different expectations of what is required of the CISO on a day-to-day basis. It’s up to the CISO to explain the role through which actions are taken to continually improve security posture.

The role of the CISO is too important not to define operationally for the board.


CISO Best Practices: Securing Big Data
28, 2017

Scattered data storage and access patterns have created a scenario where enterprise information is under constant threat from internal and external actors. It’s up to the CISO to design, develop, and implement a solution that secures big data and drives business value across the organization. The CISO must also be able to justify the big data security plan to the Board and obtain critical stakeholder buy-in.

Michael Zanga, former CAO of the Royal Bank of Scotland, understands the big data strategies faced by CISOs. In this article, he shares his best practices for:

Cleaning Big Data

Data needs to be unified, tidied, and cleaned before any thoughtful analysis can begin. More importantly, practicing good data hygiene gives all stakeholders access to the data in a way that can be understood or easily explained.

Addressing Access, Control, and Validation Concerns

After cleaning data, CISOs need to use the data patterns to identify scenarios and situations that constitute a red flag.

Presenting Big Data to the Board

CISOs should present big data findings to the board in the simplest way possible. Board experts need answers and solutions to business problems - not how to become experts in the language and practices of big data.

Leveraging Big Data to Drive Business Value

The problems that big data exposes can also be turned into business opportunities. The more data that enters the system, the more value CISOs can extract.


14, 2017

Developing a Communication Plan for a Breach

When a breach occurs, CISOs need to have a clear communication plan in place that describes to stakeholders and managers what occurred and what steps are being taken to solve the crisis. This requires the CISO to develop both internal and external communication plans. Both documents are meant to guide the board, stakeholders, and managers on the steps they should take going forward to ensure business operations proceed without further exposing the organization to additional cyber attacks.

Michal Zanga, former CAO of the Royal Bank of Scotland (RBS), understands the need for communication planning all too well. “Our business continuity plan (BCP) never really considered how to deal with hacking,” says Zanga. “We had to learn about the need for an escalation based communication plan during a breach.”

Join Consortium to learn the best practices for developing a communications plan. Inside, you’ll learn more from Zanga’s experience in developing a communication plan, including:

Scenario Planning

Scenario planning asks the CISO to answer the question, “plan for what?” Without developing a range of likely scenarios, the communication plan can’t be developed.

Scenario Testing

Zanga explains the need and value-add of bringing in a third party to conduct a risk assessment. Outside vendors can adequately stress the IT security environment, setting off triggers that put the communication plan into action. After the testing is done, the CISO can evaluate how well the communication plan performed.


Daily system reports are an important supplement to communication plan building. Everything from port scanning to breach attempts needs to be reported for CISOs to keep the communication plan up to date. A communication plan lets organizations respond to breaches as a single, unified entity.
