Sector 9 – Threat Intelligence and Vulnerability Management

Threat Intelligence and Vulnerability Management involves collecting, analysing, and applying threat data to proactively defend against emerging cyber threats. This includes continuous vulnerability scanning, regular penetration testing, and applying intelligence on potential threats to prevent attacks. A strong threat intelligence and vulnerability management programme helps organisations identify and address security weaknesses before they can be exploited by malicious actors, ensuring that systems and data are better protected.

———————————————————————————————————

Level 1 Certification

———————————————————————————————————

Measure 9.1: Conduct Basic Vulnerability Scanning

Does your enterprise conduct regular vulnerability scanning to identify security weaknesses in systems and software?
Example: Use a basic vulnerability scanning tool, such as Nessus or Qualys, to run monthly scans on all company devices and servers to identify and patch known vulnerabilities.

Measure 9.2: Apply Software Patches Regularly

Does your enterprise ensure that all software, operating systems, and applications are regularly patched and updated?
Example: Establish a process where security patches are installed within a week of release to mitigate risks from unpatched vulnerabilities.

Measure 9.3: Perform Basic Penetration Testing

Does your enterprise conduct basic penetration testing to simulate attacks and uncover vulnerabilities?
Example: Engage a trusted external provider or use automated penetration testing tools such as OWASP ZAP to conduct basic security tests on key company systems once or twice a year.

Measure 9.4: Stay Informed About Threat Intelligence

Does your enterprise stay informed about potential threats that could impact your industry?
Example: Subscribe to free threat intelligence feeds or security newsletters to track CVEs and stay up to date with the latest cybersecurity threats and vulnerabilities.

———————————————————————————————————

Level 2 Certification

To achieve Level 2: Level 1 must also be achieved.

———————————————————————————————————

Measure 9.5: Implement Regular Vulnerability Scanning and Management

Does your enterprise implement continuous vulnerability scanning to monitor for new vulnerabilities?
Example: Use a more comprehensive vulnerability management solution, such as Qualys or Rapid7, that provides automated regular scans and alerts and prioritises remediation efforts.

Measure 9.6: Conduct Advanced Penetration Testing

Does your enterprise conduct more advanced penetration testing to simulate real-world cyberattacks and find hidden vulnerabilities?
Example: Engage with a professional penetration testing service that conducts full-scope tests of your internal and external systems on an annual basis to find critical vulnerabilities and system weaknesses.

Measure 9.7: Develop and Apply Threat Intelligence

Does your enterprise collect and apply threat intelligence to detect and respond to emerging cyber threats?
Example: Integrate threat intelligence platforms like ThreatConnect or Anomali to enhance your understanding of current cyber threats and use this intelligence to proactively update defences against emerging risks.

Measure 9.8: Automate Vulnerability Management and Remediation

Does your enterprise automate vulnerability management to streamline the process of identifying, remediating, and tracking vulnerabilities?
Example: Use automated tools such as Tenable or Qualys that can integrate into your patch management processes to automatically apply fixes or trigger alerts when vulnerabilities are discovered.

———————————————————————————————————

Level 3 Certification

To achieve Level 3: Level 2 and Level 1 must also be achieved.

———————————————————————————————————

Measure 9.9: Integrate Threat Intelligence into Security Operations

Does your enterprise integrate threat intelligence into your broader security operations and response strategies?
Example: Use a Security Information and Event Management (SIEM) system like Splunk or Redscan to integrate threat intelligence data, correlating information across various sources and triggering automated responses to detected threats.

Measure 9.10: Implement Continuous Penetration Testing and Red Teaming

Does your enterprise perform continuous penetration testing and/or red teaming to simulate sophisticated, persistent attack scenarios?
Example: Set up a red team exercise on a quarterly basis with a security consultant to continuously test the resilience of your network, systems, and applications against a range of threat vectors.

Measure 9.11: Establish a Formal Vulnerability Management Programme

Does your enterprise have a formal, documented vulnerability management programme that includes risk assessment, prioritisation, and remediation procedures?
Example: Develop a structured vulnerability management framework that includes a clear process for identifying, assessing, prioritising, and patching vulnerabilities, with defined roles and responsibilities for all stages of the process.

Measure 9.12: Employ Threat Intelligence Platforms and Automated Response Systems

Does your enterprise employ threat intelligence platforms that provide actionable insights, combined with automated systems that can respond to vulnerabilities or threats in real time?
Example: Implement advanced threat intelligence platforms like CrowdStrike or FireEye that can detect advanced threats, track threat actors, and automate specific security controls or alerts based on emerging risks.

Measure 9.13: Perform Advanced Risk and Impact Analysis for Vulnerabilities

Does your enterprise conduct advanced risk and impact analysis for vulnerabilities to prioritise remediation based on business criticality?
Example: Use risk-based prioritisation models to assess the potential impact of vulnerabilities based on business context, allowing your security team to focus on high-risk vulnerabilities that could significantly impact operations or data security.

———————————————————————————————————