Chapter 2 Exploring Cybersecurity Threats
2. Threat Data and Intelligence
2.6. Assessing the Confidence Level of Your Intelligence

Transcript
So let's look at assessing the confidence level of your intelligence.
The first thing you want to look at is, is it confirmed? So is it a confirmed attack or confirmed on their ability? Does it use independent sources? So if it's just Joe Bob's bad list, are they the only source or do they list multiple sources? Is it direct analysis that proves the threat is real? So it's confirmed; your confidence would be 90 to 100%.
If it's probable, it relies on logical inference but does not directly confirm the threat. So they're saying, based on things that happened in the past, it's logical, or logically, this attack could happen and could happen to you. That's kind of a 70 to 90% confidence.
It's like, OK, there's a chance that this attack could happen. You know, let's put it in terms of sports. If a guy is a 300 hitter, that means every 10 at bats, he's going to get three hits. Well, if he's on his 7th at bat and he's only had two hits, it's getting probable that he's going to get another hit soon. So you can't guarantee it's going to be 8, 9 or 10, but it's probable, based on the logic of his average. It's probable.
So then possible: a 50 to 70% reliance is used when some information agrees with the analysis, but the assessment is not confirmed. So nobody has confirmed that it's really going on, but there's some analysis, firm, that the information agrees with.
Then there's doubtful, which is 30 to 50%. It's assigned when the assessment is possible, but not the most likely option, or the assessment cannot be proven or disproven by the information.
Say they know there's a vulnerability that nation states are taking advantage of, and your little mom-and-pop hardware store or pizza shop, you know, maybe you got a couple locations. You know, is it really possible that a nation state is going to attack you? Yeah, it may be that vulnerability is real, but the chances of you being attacked, you know, are doubtful.
That improbable, 2 to 29, means that the assessment is possible, but not the most logical option, or is refuted by other information that is available.
So basically, it's improbable. It could happen. There's a one in ten chance, you know, one in 100 chance that it could happen, but most likely it's not going to. And there's no information out there to say that it's not. So I'll use my weather for today.
We were calling for 80° and rain, and it was beautiful with sunshine all day long. And all you had to do was look out the window and there was information to refute the possibility of rain, because there were no rain clouds. And there was bright sunset. So that would make it improbable that it was going to rain. Now that's a little bit of a stretch of analogy from security, but basically you get the gist there. It's just most likely not happening, you know, to your network, to your company.
And then the last is discredited. There's a 1% chance for that, 1% confidence.
Now the 1% confidence, I'm sorry, is used when the assessment has been confirmed to be inaccurate or incorrect. So there's an assessment, but people have already proved that it's not accurate and it's not happening.