Kingdom of Saudi Arabia – Saudi Central Bank (SAMA)

Kingdom of Saudi Arabia – Saudi Arabian Monetary Authority – KSA – SAMA – Cyber Threat Intelligence Principles – March 2022. Covering:

Introduction

Scope of Applicability

Responsibilities

Review, Updates and Maintenance

Cyber threat Intelligence Principles

Domain 1: Core Cyber Threat Intelligence Principles

Principle 1: Define Roles and Responsibilities

Principle 2: Define Threat Intelligence Planning and Collection Requirements

Principle 3: Select and Validate Relevant Sources

Principle 4: Collect Data Through Intelligence Sources

Principle 5: Define Specific Standard Operating Procedures (SOPs)

Principle 6: Process and Classify Information

Principle 7: Analyse Information

Principle 8: Share Intelligence

Principle 9: Deliver Actionable Threat Intelligence

Principle 10: Continuously Improve Methods of Intelligence

Principle 11: Integrate CTI

Domain 2: Strategic Cyber Threat Intelligence

Principle 12: Identify a Cyber Threat Landscape

Principle 13: Identify Strategic Cyber Attack Scenarios

Principle 14: Elaborate Requests for Information (RFIs) and Tailored Threat Assessments

Domain 3: Operational Cyber Threat Intelligence

Principle 15: Define the Attack Chain

Principle 16: Identify TTPs

Principle 17: Identify Malware and Tools

Domain 4: Technical and Tactical Cyber Threat Intelligence

Principle 18: Collect IoCs

Principle 19: Monitor and Report Vulnerabilities

Annexes

Annex A – Glossary

Annex B – Areas of Analysis

Annex C – Types of Sources

Annex D – Types of Intelligence

Annex E – Threat Intelligence Delivery Models

Annex G – Analytical Approach

Annex H – CTI Principles High-level Graph

Annex I – CTI Principles Mind Map