myctrl.tools
Compare

PM-16(1)Automated Means For Sharing Threat Intelligence

>Control Description

Employ automated mechanisms to maximize the effectiveness of sharing threat intelligence information.

>Cross-Framework Mappings

SCF

THR-03
Compare

>Supplemental Guidance

To maximize the effectiveness of monitoring, it is important to know what threat observables and indicators the sensors need to be searching for. By using well-established frameworks, services, and automated tools, organizations improve their ability to rapidly share and feed the relevant threat detection signatures into monitoring tools.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What program-level governance exists for automated means for sharing threat intelligence?
  • Who has overall responsibility and accountability for automated means for sharing threat intelligence across the organization?
  • How does the organization measure and report on automated means for sharing threat intelligence effectiveness?
  • What resources are allocated to support automated means for sharing threat intelligence activities?
  • How does automated means for sharing threat intelligence integrate with other organizational programs and initiatives?

Technical Implementation:

  • What enterprise systems or platforms support automated means for sharing threat intelligence?
  • How are automated means for sharing threat intelligence activities tracked and reported organization-wide?
  • What integration exists between automated means for sharing threat intelligence tools and other security/privacy systems?
  • What automation supports automated means for sharing threat intelligence at the program level?
  • What metrics or analytics are used to measure automated means for sharing threat intelligence effectiveness?

Evidence & Documentation:

  • Provide program-level documentation for automated means for sharing threat intelligence.
  • Provide evidence of automated means for sharing threat intelligence review and approval by senior leadership.
  • Provide metrics or reports demonstrating automated means for sharing threat intelligence effectiveness.
  • Provide records of automated means for sharing threat intelligence updates and improvements.
  • Provide documentation of automated means for sharing threat intelligence integration with organizational governance.

Ask AI

Configure your API key to use AI features.