A threat library is exactly what it sounds like: a place to store the threats your organization has encountered, or that relate to your organization and have an impact on it. The library holds the threat event details, attributes, chronology of events, related files, software and so on. It is important for an organization to keep one so that if a similar incident occurs in the future, the old incident can be used for learning from and mitigating the new event effectively. It also helps the organization assess the threat types and trends observed historically, which in turn helps security teams understand the critical focus areas for threats.
The whole idea of creating a threat library is to keep a record of threats. These historical records can help in various ways, some of which follow:
- Having a record of what kinds of vulnerabilities existed in the organization helps security teams understand which kinds of threats their organization is most vulnerable to. They can then focus on creating, revising and monitoring those specific areas more rigorously.
- It provides a trend in vulnerabilities for the organization. For example, if a lot of software changes were needed when the SSL vulnerabilities were released, that shows that any vulnerability released in the SSL (or secure browsing) category is going to greatly impact the organization's IT infrastructure.
- If there was a hacking attempt and it is recorded with ample detail, it helps security experts retrace the attacker's entry points as well as what other kinds of attempts he/she might have made.
- Understanding the sophistication of an attack also tells us whether the security measures set up in the organization are good enough.
How to Create one?
Creating a threat library can be as simple as creating a file share folder with restricted access (not advisable), or as involved as dedicating a physical machine hosting an application to organize all the data and files. However, a threat library setup should have the following characteristics:
- Records/data should be easy to organize, search and retrieve, i.e. well-structured and indexed data.
- Good authentication and authorization, with restricted access to the information.
- File integrity checks, and files should be stored in encrypted form.
- Ability to make updates to the records.
- Easily accessible.
There are many software options that can be used for it. Some of these are Bugzilla, GitLab, FTP servers, or any kind of media-hosting web framework with the characteristics mentioned above.
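To make the characteristics above concrete, here is a small file-backed threat library written as an added example (it is not code from the original post and not any of the products named above). It implements structured JSON records with a search index, an append-only chronology so updates never rewrite history, a SHA-256 integrity manifest for attached files, a trend count per year and category, and a role check on every read and write. The role table, record IDs, dates and incident summaries are all constructed sample data; encryption at rest is assumed to be provided by the volume or an external library and is deliberately not implemented here.

```python
"""Toy threat library (constructed example): JSON records with a search index,
append-only chronology, SHA-256 integrity manifest for attached files, and a
role check on every read/write. Encryption at rest is assumed to come from the
storage volume or an external library and is not implemented here."""
import hashlib
import json
import tempfile
from collections import Counter
from pathlib import Path

# Constructed role table; a real deployment would map roles from the identity provider.
ROLES = {"analyst": {"read", "write"}, "auditor": {"read"}}


class ThreatLibrary:
    def __init__(self, root):
        self.root = Path(root)
        self.records_dir = self.root / "records"
        self.files_dir = self.root / "files"
        self.records_dir.mkdir(parents=True, exist_ok=True)
        self.files_dir.mkdir(parents=True, exist_ok=True)
        self.index_path = self.root / "index.json"
        self.index = json.loads(self.index_path.read_text()) if self.index_path.exists() else {}

    def _authorize(self, role, action):
        # Every public method checks the caller's role before touching data.
        if action not in ROLES.get(role, set()):
            raise PermissionError(f"role {role!r} is not allowed to {action}")

    def _path(self, record_id):
        return self.records_dir / f"{record_id}.json"

    def _load(self, record_id):
        return json.loads(self._path(record_id).read_text())

    def _store(self, record):
        # Persist the record and keep the search index in step with it.
        self._path(record["id"]).write_text(json.dumps(record, indent=2))
        self.index[record["id"]] = {"category": record["category"], "first_seen": record["first_seen"]}
        self.index_path.write_text(json.dumps(self.index, indent=2))

    def add_record(self, role, record_id, category, first_seen, summary):
        self._authorize(role, "write")
        record = {"id": record_id, "category": category, "first_seen": first_seen,
                  "summary": summary, "chronology": [], "files": {}}
        self._store(record)
        return record

    def append_event(self, role, record_id, when, note):
        """Updates are append-only, so the chronology of an incident is never rewritten."""
        self._authorize(role, "write")
        record = self._load(record_id)
        record["chronology"].append({"when": when, "note": note})
        self._store(record)
        return len(record["chronology"])

    def attach_file(self, role, record_id, name, data):
        """Stores a related file under its SHA-256 digest and pins that digest in the record."""
        self._authorize(role, "write")
        digest = hashlib.sha256(data).hexdigest()
        (self.files_dir / digest).write_bytes(data)
        record = self._load(record_id)
        record["files"][name] = digest
        self._store(record)
        return digest

    def verify_files(self, role, record_id):
        """Recomputes each attached file's digest; returns the names that no longer match."""
        self._authorize(role, "read")
        tampered = []
        for name, digest in self._load(record_id)["files"].items():
            path = self.files_dir / digest
            if not path.exists() or hashlib.sha256(path.read_bytes()).hexdigest() != digest:
                tampered.append(name)
        return tampered

    def search(self, role, category=None, year=None):
        """Index-backed lookup by threat category and/or first-seen year."""
        self._authorize(role, "read")
        return sorted(rid for rid, meta in self.index.items()
                      if (category is None or meta["category"] == category)
                      and (year is None or meta["first_seen"].startswith(f"{year}-")))

    def trend(self, role):
        """Counts records per (year, category): the historical view used to spot recurring threat classes."""
        self._authorize(role, "read")
        return Counter((m["first_seen"][:4], m["category"]) for m in self.index.values())


def build_demo(root=None):
    """Populates a library with constructed sample incidents and returns it."""
    lib = ThreatLibrary(root or tempfile.mkdtemp(prefix="threatlib-"))
    lib.add_record("analyst", "T-2014-001", "tls", "2014-04-08", "SSL library flaw on edge servers")
    lib.add_record("analyst", "T-2014-002", "tls", "2014-10-15", "SSL fallback weakness on legacy portal")
    lib.add_record("analyst", "T-2015-001", "phishing", "2015-03-02", "Credential phishing wave")
    lib.append_event("analyst", "T-2014-001", "2014-04-09", "Patched library, rotated certificates")
    lib.attach_file("analyst", "T-2014-001", "scan.txt", b"constructed scan output\n")
    return lib


if __name__ == "__main__":
    demo = build_demo()
    print(demo.search("auditor", category="tls"))
    print(demo.trend("auditor").most_common())
    print(demo.verify_files("auditor", "T-2014-001"))
```

Storing attachments under their digest gives the integrity check for free: if the stored bytes are altered, `verify_files` reports the affected record file, and the append-only `append_event` keeps the incident chronology intact when a record is updated. The `trend` counter is the simplest form of the historical view the post describes, showing which categories (here, repeated TLS issues in one year) deserve closer monitoring.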
Let me know what you think about my write-up in the comments below.
Please refer to the URL provided below for more; it's a great article.