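Gartner's definition of threat intelligence: Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. That is, threat intelligence is a kind of evidence-based knowledge comprising context, mechanisms, indicators, implications and practical, actionable advice. It describes existing or emerging threats or hazards to assets, and can be used to inform the subject so that it takes some response to the threat or hazard in question.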
Forrester's definition of threat intelligence: Threat intelligence is details of motivations, intents, and capabilities of internal and external threat actors. TI includes specifics on the TTPs of these adversaries.
In 2014, SANS gave a definition of cyber threat intelligence: Threat intelligence is the set of data collected, assessed and applied regarding security threats, malicious actors, exploits, malware, vulnerabilities and compromise indicators.
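The National Intelligence Strategy (2014) states that cyber intelligence covers the cyber programs, intentions, capabilities, and operations of foreign actors; their impact on the nation's national security, information systems, infrastructure, and data; and the network characteristics, components, structures, use, and vulnerabilities of foreign information systems.
The U.S. military holds that intelligence analysis means decomposing and synthesizing useful information and drawing valuable conclusions through logical reasoning. With the aid of information technology, the U.S. military has grouped current intelligence analysis methods and tools into 14 types, such as "correlation analysis", "style analysis", "cultural analysis", "cluster analysis", and so on.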
The FBI defines intelligence: Simply defined, intelligence is information that has been analyzed and refined so that it is useful to policymakers in making decisions - specifically, decisions about potential threats to our national security.
[Reference]
Original article: http://yepeng.blog.51cto.com/3101105/1668851