Using Cyber Intelligence to Enable Active Defense

In the last chapter, we learned how to integrate a cyber intelligence capability using a Capability Maturity Model (CMM). This chapter covers the tactical level of using cyber intelligence. Using the principles of OPSEC, where we identify our threats and vulnerabilities and prioritize decisions using risk assessments, we can use the levels of the strategic capability maturity model as top management's priorities for where our resources should focus. Now that these are in place, middle management can step in and start providing useful decision-making information to senior leadership, as well as knowing their priorities.

At this level, middle management must also have a means to collect, analyze, and disseminate information to their teams. By identifying the threats, we can now start looking at how those threats exploit vulnerabilities. If we can identify the threat and know how threats will exploit possible vulnerabilities, we can start thinking about establishing a means to be proactive about security. This concept of proactive security, or offensive security, is also known as Active Defense.

From a high level, we will discuss the following:

  • What is Active Defense?
  • The principles of Active Defense
  • Legal concerns
  • Techniques, tactics, and procedures
  • Communication and collaboration