LONDON, UK / AGILITYPR.NEWS / March 16, 2020 / CREST unveils free Cyber Threat Intelligence Maturity Assessment Tool         

16 March 2020: CREST, the not-for-profit accreditation and certification body for the technical security industry, has developed a new maturity assessment tool for Cyber Threat Intelligence (CTI) programmes. The licence-free tool will help organisations to predict, prepare for, detect and respond to potential attacks through more effective CTI programmes.  

The new Cyber Threat Intelligence Maturity Assessment Tool provides continuous and effective analysis of a CTI programme in terms of people, processes and technology and supports the adoption of a systematic, structured approach to intelligence gathering. Development of the CREST tool was led by the CTIPs (CREST Threat Intelligence Professionals) group with support of its members, industry bodies and suppliers of expert technical security services. It is based on the 18 steps within the four-phase CTI capability programme presented in the CREST CTI Management Guide.                           

As different private and public sector organisations require different levels of CTI maturity, the CREST tool reviews maturity against actual requirements and compares it with other similar organisations. While organisations with a mature CTI programme may manage most of their operations in-house, those who are less mature may depend entirely on third parties.   

A weighting factor can be set to give the results for particular steps more importance than others. The selected levels of maturity are displayed graphically for each of the four phases and overall, with calculations that take account of both the level of maturity selected for each step and the given weighting.   

“For many companies and organisations, threat intelligence is a relatively new but increasingly essential tool in the battle against cybercrime,” said Ian Glover, president of CREST. “So, it is vital that those responsible for CTI programmes can measure the maturity and effectiveness of their programmes against standardised metrics relevant to both their business and the level of threat. By offering a free, easy to use tool, CREST is helping to raise awareness and remove barriers to improving the cyber security posture of any type or size of business or organisation. It has already been reviewed and is in process of being adopted by regulators across Europe as a way of obtaining key performance indicators for their regulated organisations.” 

To download the Cyber Threat Intelligence Maturity Assessment Tool, go to: https://crest-approved.org/2020/01/10/cyber-threat-intelligence-maturity-assessment-tool/index.html

Intermediate and summary versions of the tools will also be available later this year.

About CREST

CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services.  CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.

CREST is governed by an elected Executive of experienced security professionals who also promote and develop awareness, ethics and standards within the cyber security industry. CREST supports its members and the wider information security industry by creating collaborative research material. This provides a strong voice for the industry, opportunities to share knowledge and delivers good practice guidance to the wider community.

For more information contact: Allie Andrews, allie.andrews@crest-approved.org