3-7 Cyber Threat Information

Cyber threat information is any information that can assist in identifying, assessing, monitoring, and responding to cyber threats. Organizations can gain a more complete understanding of threats by analyzing information from multiple sources and by exchanging threat information within vetted sharing communities.

A threat is any circumstance or event (human, physical, or environmental) that, by exploiting a vulnerability, has the potential to cause harm to an information resource in the form of destruction, disclosure, adverse modification of data, and/or denial of service.

The objective of sharing is to support the overall CISO strategy and all information-sharing agreements, which must be approved by CISO leadership. The agreements must be coordinated with CISO units with a role in the collection, processing, storage, and protection of threat information. Insider threat information is as follows:

  1. Insider threat information is collected or produced as a product of cybersecurity operations by internal tools, sensors, and repositories. To identify what threat information may be shared, the scope of information-sharing activities must be defined and rules put in place to control the flow of information.
  2. All threat information sharing must be managed within a Threat Intelligence Platform (TIP). The threat information-sharing process includes engaging in ongoing communication with partners, consuming security alerts and indicators, organizing and storing information, and producing and publishing information for sharing with partners.

Threat information sharing must comply with Postal Service legal restrictions on the type of information that may be shared, including the requirement that shared threat information must not be attributable to the Postal Service.

Information types, such as Personally Identifiable Information (PII), classified information, and Postal Service proprietary information, may not be shared and must be protected. Adequate security and privacy controls must be implemented to protect this information from unauthorized disclosure or modification.