Knowledge Management Charter

The requirements for knowledge development and management in cyber security operations need to support the use of threat intelligence, triage and incident management, as well as numerous other capabilities. What does a Security Analyst want when they are looking for something to help them support or perform the task they are doing? They want assurance that the information they find is going to add value to their task and to how they perform it.

All security operations should consider preparing a security knowledge charter for all participants at all levels of management. The charter should set out the rules, roles and responsibilities for how security knowledge is created and distributed to all team members. More importantly, it should require clear evidence and references to underpin the facts and figures the team uses.

Every team member, at some point in their participation, will create information to support a SOC deliverable. That could be a Word document from a template, a Visio model or diagram, a spreadsheet or a PowerPoint presentation. The charter must set out ways to use reviews, opinions and feedback to distinguish the particular pieces of information that can be defined as security knowledge.

These distinguishing features should be outlined through the article's metadata and summary. An Analyst arriving at the article through a search should be able to determine what the article addresses and how useful it will be to them. They will be looking for answers to problems, challenges, solutions or advice, as well as evidence that the knowledge within the article is reusable and will contribute to the task they are involved in.

The charter should advise on content structure for two reasons: first, to keep document terms aligned with well-defined and understood methodologies, which helps remove ambiguity; second, to help the Analyst and their investigations by providing references to alternative sources of information. The value of an article as knowledge may be very specific to a particular task or a limited audience at a point in time; however, a percentage of that content will have lasting value to others. Determining that value is greatly enhanced if the content pertains to frameworks, standards and evidence. Standards and frameworks such as ITIL, NIST or MITRE have a clear structure, terminology and application, and are widely recognised and accepted.

Providing supporting evidence may deliver the greatest value, but it is important to assess the quality of that evidence before making any decision on value. Through this blog, I am going to explore the different ways of building up appropriate evidence to support smart city security decision making and scenario planning, through the structure of a framework and its associated systems and standards.
