• 4 hours
  • Easy

Free online content available in this course.

course.header.alt.is_certifying

Got it!

Last updated on 7/2/24

Research and Qualify Your Information Sources

Explore the Various Sources of Cybersecurity Information

In cybersecurity, it’s essential to use reliable, up-to-date sources of information to keep abreast of the latest threats and best practices. Here are a few categories of useful information sources for effective cyber threat intelligence:

  • Specialized agencies (national, regional, and international): CISA in the USA, the Cybersecurity Centre in Canada, ANSSI in France, ENISA in Europe, Europol (EC3), Interpol, etc.

  • Industry-led Information Sharing and Analysis Centers (ISACs): EE-ISAC, A-ISAC, FS-ISAC, Auto-ISAC, IT-ISAC, etc.

  • Incident response teams: CERTs, CSIRTs, National CERT Association in the USA, which publish advisories, alerts, and recommendations for dealing with vulnerabilities and threats.

  • Community sources and professional networks

    • CDSE, ISC2, CESIN, ISACA

    • OSINT-FR, The Honeynet Project, etc.

  • Community feeds: MalwareBazaar, Tria.ge, MWDB, Feodo Tracker, URLhaus, Red Flag Domains, ThreatFox, PhishTank, MWDB, VirusTotal, etc.

  • Partner ecosystem

    • Partnerships with public and government sectors

    • Contractual commitments with partners

    • Cooperation with other analysts and cybersecurity teams

  • OSINT (Open Source Intelligence), HUMINT (Human Intelligence)

  • Cybersecurity software companies

  • Academic and research publications

  • Specialist media

  • Social media: X (formerly Twitter), Bluesky, Telegram, LinkedIn, Mastodon, Discord, etc.

Bad actors, such as hacktivists, are increasingly active on social media. 

Example of a claim from a campaign targeting the National Assembly by the hacktivist group KromSec.
Example of hacktivist group KromSec claiming responsibility for a campaign targeting the French National Assembly
  • Cybercriminal forums and marketplaces

  • Potentially malicious sites on the dark web

Draw On Available Resources

Information can take many forms, depending on the sources you choose to use. Here are a few more details on how to approach each of these different types of information:

Blog Posts

Blogs are a popular way for both IT security companies and independent researchers to share cybersecurity information.

Reports

IT security companies, government agencies, and security research organizations often publish cybersecurity-related reports, including reports on threats, trends, attack and mitigation techniques, best practices, and incident response (IR).

Newsletters

Newsletters can provide regular updates on topics of interest in cybersecurity.

Podcasts and Shows

Cybersecurity podcasts and shows can be a valuable source of information and an effective way of learning about IT security experts’ different points of view.

Webinars

Webinars are interactive online presentations, useful for delving deeper into a hot topic or learning more about a product or service launch.

Articles, Press Releases, and Press Conferences

These are sometimes the primary sources of information on market developments and current malware campaigns.

Journals

Cybersecurity journals tend to group together publications on specific topics in IT security, with the contributors’ work providing high added value.

Cybersecurity Events, Conferences, and Forums

Cybersecurity-related conferences, forums, and events are excellent opportunities to obtain first-hand information on ongoing investigations and the latest industry news.

Specialist Forums

Online discussion and help forums can be useful for obtaining information, sharing experiences, and asking questions.

Legislative News

Information on legislative developments in cybersecurity is essential for understanding the ever-changing legal and regulatory framework. I recommend using government sources or legal experts.

Qualify Your Information Sources

When you’re researching information on cybersecurity, it’s essential to ensure that your sources and the information they contain are reliable and credible.

To help you assess the relevance of the information, consider the following key aspects:

  • Credibility: Is the source reliable and well-established in the field of cybersecurity? Information from reputable cybersecurity organizations, well-established IT security companies, and authors recognized in their field of expertise is generally more credible.

  • Currentness: Is the information regularly updated to reflect the latest threats and best practices? Recent information is often more relevant.

  • Transparency: Does the source clearly explain its methodology and information sources? Articles or reports that quote reliable and credible sources and technical publications with specific details on the methodology used are generally trustworthy.

  • Critical analysis: Depending on your needs, select sources that provide in-depth analysis and explain their content clearly.

  • Independence: Is the source free from conflicts of interest or outside influences?

  • Consistency: Is the information consistent with other reputable sources? If possible, check the information by comparing it with other reliable sources. The more consistent the information is across multiple sources, the greater its credibility.

I also recommend you use “The Admiralty Code” (also known as “The Admiralty Scale” or “The NATO System”) to classify sources and information according to their reliability and credibility.

Reliability of the Source

Credibility of the Information

A - Source completely reliable

A - Information completely credible

B - Source usually reliable

B - Information probably true

C - Source fairly reliable

C - Information possibly true

D - Source not usually reliable

D - Information doubtful

E - Source unreliable

E - Information improbable

F - Reliability cannot be judged

F - Truth cannot be judged

Over to You!

Instructions

Select three information sources whose purpose is to publicize or pass on information about cybersecurity. You can choose different formats (a blog post, a press article, a social media post, etc.).

Next, answer the following question:

  • Is this information source reliable and credible?

    • If yes, why?

    • If no, why not? 

Feel free to refer to the Admiralty Code to assess your sources.

Example Answer

Selected source: news article “France accuses Russian state hackers of targeting government systems, universities, think tanks.

  • Source of news article (Reliability): “The Record” is generally regarded as a reputable, serious cybersecurity news outlet, backed by Recorded Future, a world-leading and long-standing threat intelligence company. This suggests it is a usually reliable source (B - Source usually reliable).

  • Information credibility:

    • The article quotes France’s National Cybersecurity Agency (ANSSI), a recognized authority on cybersecurity in France. This gives the information a certain credibility (B - Information probably true).

    • The article mentions specific facts, such as the attacks attributed to APT 28 and the exploitation of a vulnerability in Outlook. If these details are correct, they reinforce credibility (B - Information probably true).

Let’s Recap!

  • In cybersecurity, the quality of information collected is vital to making informed decisions and maintaining a secure digital environment.

  • When researching and assessing your information sources, draw on a variety of resources, including specialized agencies, industry-led information sharing and analysis centers, incident response teams, community and professional sources, the partner ecosystem, cybersecurity software companies, OSINT and HUMINT, academic and research publications, specialist media, social media, cybercriminal forums, and the dark web.

  • When assessing your information sources, consider their credibility, currentness, transparency, critical analysis, independence, and consistency.

  • It’s best to cross-check information with several reliable sources—even when you trust reputable sources—as they can sometimes provide false information.

In the next chapter, we’ll look at how to structure the data you’ve collected. Let’s get started!

Example of certificate of achievement
Example of certificate of achievement