Cyber Threat Intelligence SIG

Mission

To define Threat Intelligence in the commercial space. To discuss common applications of threat intelligence capability with a view to agree best practice in the context of supporting effective digital forensics and incident response (DFIR) operations.

Goals/Deliverables

Workshop on Threat Intelligence - collating a common FIRST view of threat intelligence
Briefing Paper – Using Threat intelligence to Support Incident Response
Creation of a FIRST wide common body of knowledge (CBK) on Threat Intelligence
1. Definitions of commonly used terms and terminology
2. Collate list of Open Source Threat Intelligence Tools that can be used by Threat Intelligence Teams
3. Glossary Collate list of Cyber Threat Intelligence Feeds and sources
4. Description of methods, models and techniques
We are considering training modules as an output. There is a severe lack of training in this area at present.
Stock slide-deck for FIRST members to present the topic of Threat Intel to their executive management

Chairs

James Chappell
Krassimir Tzvetanov

Member section

Experience in the commercial or government space relevant to the SIG mission and at discretion of the chairs.

Mailing list

cti-sig@first.org
(subscribers only, please send requests to join to first-sec@first.org)