1. CI Principle I (threat awareness): “Continuously analyze the strategies and tools that cyber adversaries use.” Julisch (2013) argues that adversaries’ strategies will change, so a firm’s maturity regarding Principle I depends on how responsively the firm adapts.

2. CI Principle II (preparedness): “Minimize your attack surface, i.e. the number of vulnerabilities that the threat can exploit.” Julisch (2013) provides several opportunities to apply this principle: assessing and managing the ‘cyber footprint’, more restrictive spam filtering, the outright deletion of high-risk attachments, and identifying and blocking malicious Web pages and outgoing command and control channels.

3. CI Principle III (situational awareness): “Build situational awareness of the evolving state of attacks and intrusions.” When discussing this principle, Julisch (2013) stresses the importance of understanding APTs’ staged advancement, comprehending the state of attacks, and stopping them in their tracks, and suggests anomaly detection as the most powerful technique for this principle.

In wrapping up this anti-pattern, Julisch (2013) illustrates cyber intelligence in Fig. 1: “Cyber intelligence combines the strategic intelligence of understanding and preparing for threats (Principles I and II) with the tactical intelligence of responding to dynamic threat situations (Principle III)”. Julisch urges us to perform the cycle faster to become more adaptable, which leaves attackers with more limited opportunity.

Weak Governance (the anti-pattern #4) – Regarding IT