Threat Assessment for Information Assurance

The Information Assurance Advisory Council (IAAC) project team was assigned to enable the research to benefit from consultations with IAAC members and to use IAAC as a ..... channel for the research results.

Amongst both governments and businesses, there is increasing concern that information security ..... and cybercrime will undermine trust in the new economy and threaten the development of the Information Society.

However, the current information systems security ..... is a reactive model that involves detection of, and reaction, to attacks once they are underway.

There is a ..... end-user need to increase warning time so that organisations can take preventive steps to minimise their losses from cyber-attacks.

Due to the need to limit the project to observable open source indicators, the project focused upon one portion of the threat spectrum, namely crackers and ......

The project involved the establishment of a comprehensive ..... for monitoring numerous sources of communications about and between threat actors.

By fusing technical indicators with a range of indicators based on attacker motives and intentions, the project was able to categorise threat entities, ..... in trend analysis and provide some threat course of action prediction.

Substantive, positive discoveries were made about the viability of employing early warning methodologies against sub-state cyber-threats but the programme did not attempt to actually predict an ..... attack.

Threat profiling, taking into account motives, intentions, capabilities and behavioural patterns, emerged as one of the most profitable ..... in building predictive indicators of sub-state cyber threats.

The project proved the concept of building a systematic, repeatable and quality-assured Intelligence Process to collect, ..... and analyse open source communications concerning sub-state threat actors.