Explore the Various Sources of Cybersecurity Information
In cybersecurity, it’s essential to use reliable, up-to-date sources of information to keep abreast of the latest threats and best practices. Here are a few categories of useful information sources for effective cyber threat intelligence:
Specialized agencies (national, regional, and international): CISA in the USA, the Cybersecurity Centre in Canada, ANSSI in France, ENISA in Europe, Europol (EC3), Interpol, etc.
Industry-led Information Sharing and Analysis Centers (ISACs): EE-ISAC, A-ISAC, FS-ISAC, Auto-ISAC, IT-ISAC, etc.
Incident response teams: CERTs, CSIRTs, National CERT Association in the USA, which publish advisories, alerts, and recommendations for dealing with vulnerabilities and threats.
Community sources and professional networks
CDSE, ISC2, CESIN, ISACA
OSINT-FR, The Honeynet Project, etc.
Community feeds: MalwareBazaar, Tria.ge, MWDB, Feodo Tracker, URLhaus, Red Flag Domains, ThreatFox, PhishTank, VirusTotal, etc.
Partner ecosystem
Partnerships with public and government sectors
Contractual commitments with partners
Cooperation with other analysts and cybersecurity teams
OSINT (Open Source Intelligence), HUMINT (Human Intelligence)
Cybersecurity software companies
Academic and research publications
Specialist media
Social media: X (formerly Twitter), Bluesky, Telegram, LinkedIn, Mastodon, Discord, etc.
Bad actors, such as hacktivists, are increasingly active on social media.
Cybercriminal forums and marketplaces
Potentially malicious sites on the dark web
Draw On Available Resources
Information can take many forms, depending on the sources you choose to use. Here are a few more details on how to approach each of these different types of information:
Type of Information | Description |
---|---|
Blog Posts | Blogs are a popular way for both IT security companies and independent researchers to share cybersecurity information. |
Reports | IT security companies, government agencies, and security research organizations often publish cybersecurity-related reports, including reports on threats, trends, attack and mitigation techniques, best practices, and incident response (IR). |
Newsletters | Newsletters can provide regular updates on topics of interest in cybersecurity. |
Podcasts and Shows | Cybersecurity podcasts and shows can be a valuable source of information and an effective way of learning about IT security experts’ different points of view. |
Webinars | Webinars are interactive online presentations, useful for delving deeper into a hot topic or learning more about a product or service launch. |
Articles, Press Releases, and Press Conferences | These are sometimes the primary sources of information on market developments and current malware campaigns. |
Journals | Cybersecurity journals tend to group together publications on specific topics in IT security, with the contributors’ work providing high added value. |
Cybersecurity Events, Conferences, and Forums | Cybersecurity-related conferences, forums, and events are excellent opportunities to obtain first-hand information on ongoing investigations and the latest industry news. |
Specialist Forums | Online discussion and help forums can be useful for obtaining information, sharing experiences, and asking questions. |
Legislative News | Information on legislative developments in cybersecurity is essential for understanding the ever-changing legal and regulatory framework. I recommend using government sources or legal experts. |
Qualify Your Information Sources
When you’re researching information on cybersecurity, it’s essential to ensure that your sources and the information they contain are reliable and credible.
To help you assess the relevance of the information, consider the following key aspects:
Credibility: Is the source reliable and well-established in the field of cybersecurity? Information from reputable cybersecurity organizations, well-established IT security companies, and authors recognized in their field of expertise is generally more credible.
Currentness: Is the information regularly updated to reflect the latest threats and best practices? Recent information is often more relevant.
Transparency: Does the source clearly explain its methodology and information sources? Articles or reports that quote reliable and credible sources and technical publications with specific details on the methodology used are generally trustworthy.
Critical analysis: Depending on your needs, select sources that provide in-depth analysis and explain their content clearly.
Independence: Is the source free from conflicts of interest or outside influences?
Consistency: Is the information consistent with other reputable sources? If possible, check the information by comparing it with other reliable sources. The more consistent the information is across multiple sources, the greater its credibility.
I also recommend you use “The Admiralty Code” (also known as “The Admiralty Scale” or “The NATO System”) to classify sources and information according to their reliability and credibility.
Reliability of the Source | Credibility of the Information |
---|---|
A - Source completely reliable | A - Information completely credible |
B - Source usually reliable | B - Information probably true |
C - Source fairly reliable | C - Information possibly true |
D - Source not usually reliable | D - Information doubtful |
E - Source unreliable | E - Information improbable |
F - Reliability cannot be judged | F - Truth cannot be judged |
Over to You!
Instructions
Select three information sources whose purpose is to publicize or pass on information about cybersecurity. You can choose different formats (a blog post, a press article, a social media post, etc.).
Next, answer the following question:
Is this information source reliable and credible?
If yes, why?
If no, why not?
Feel free to refer to the Admiralty Code to assess your sources.
Example Answer
Selected source: news article “France accuses Russian state hackers of targeting government systems, universities, think tanks.”
Source of news article (Reliability): “The Record” is generally regarded as a reputable, serious cybersecurity news outlet, backed by Recorded Future, a world-leading and long-standing threat intelligence company. This suggests it is a usually reliable source (B - Source usually reliable).
Information credibility:
The article quotes France’s National Cybersecurity Agency (ANSSI), a recognized authority on cybersecurity in France. This gives the information a certain credibility (B - Information probably true).
The article mentions specific facts, such as the attacks attributed to APT 28 and the exploitation of a vulnerability in Outlook. If these details are correct, they reinforce credibility (B - Information probably true).
Let’s Recap!
In cybersecurity, the quality of information collected is vital to making informed decisions and maintaining a secure digital environment.
When researching and assessing your information sources, draw on a variety of resources, including specialized agencies, industry-led information sharing and analysis centers, incident response teams, community and professional sources, the partner ecosystem, cybersecurity software companies, OSINT and HUMINT, academic and research publications, specialist media, social media, cybercriminal forums, and the dark web.
When assessing your information sources, consider their credibility, currentness, transparency, critical analysis, independence, and consistency.
It’s best to cross-check information with several reliable sources—even when you trust reputable sources—as they can sometimes provide false information.
In the next chapter, we’ll look at how to structure the data you’ve collected. Let’s get started!