{"id":2124,"date":"2023-09-07T15:32:00","date_gmt":"2023-09-07T15:32:00","guid":{"rendered":"https:\/\/euroone.hu\/use-of-threat-reports-in-information-security-risk-assessments\/"},"modified":"2024-10-30T14:18:31","modified_gmt":"2024-10-30T14:18:31","slug":"use-of-threat-reports-in-information-security-risk-assessments","status":"publish","type":"post","link":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/","title":{"rendered":"Use of Threat Reports in Information Security Risk Assessments"},"content":{"rendered":"\n<p>In this article, I aim to highlight how to move beyond template-based, compliance-driven risk assessments to create meaningful evaluations of real security threats. This is not an exhaustive guide to risk management methodologies but rather an insight into making risk assessments more valuable by integrating threat intelligence. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Problem with Template-Driven Assessments<\/h2>\n\n\n\n<p>Information security standards like PCI-DSS, ISO 2700x, NIST CSF, and others, all emphasize risk-based approaches. However, the compliance pressure often results in superficial assessments that add little value. To truly protect organizations, risk assessments should prioritize understanding actual threats rather than just ticking compliance checkboxes.       <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Leveraging Threat Reports<\/h2>\n\n\n\n<p>Threat reports provide valuable data that can enhance the quality of risk assessments. Notable examples include ENISA&#8217;s Threat Landscape (ETL) and Verizon&#8217;s Data Breach Investigation Report (DBIR). The ETL focuses on European trends, while DBIR provides a global perspective, detailing incidents, attack vectors, targeted assets, and motivations of threat actors. <br>Both reports are also mapped to security standards, with ETL linked to ISO 27001 and DBIR aligned with CIS controls, offering practical guidance to security professionals. These mappings help bridge the gap between identifying threats and applying the appropriate defensive measures.       <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Practical Application in Risk Assessment<\/h2>\n\n\n\n<p>In frameworks like ISO 27005, threat identification forms a key part of the risk identification process. Reports like DBIR offer insights into top attack vectors (e.g., stolen credentials, ransomware, phishing) and targeted assets (e.g., servers, user devices). They help assessors understand the likelihood and impact of specific risks, enhancing the accuracy of their evaluations. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>To avoid static and unresponsive assessments, organizations must incorporate current threat intelligence, such as the data from ETL and DBIR, into their processes. Relying solely on standard templates ignores real-world threats that could have significant impacts on both organizations and customers. Using high-quality, cross-verified threat data is essential for meaningful risk management in an evolving cybersecurity landscape. <\/p>\n\n\n\n<p>Read the full article on our International subsidiary\u2019s website by clicking on the image.<a href=\"https:\/\/socwise.eu\/protection-against-email-attacks-solutions-from-trend-micro\/(opens%20in%20a%20new%20tab)?utm_source=EO_blog&amp;utm_medium=BEC_attacks\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><a href=\"https:\/\/socwise.eu\/use-of-threat-reports-in-information-security-risk-assessments\/?utm_source=EO_blog&amp;utm_medium=threat_reports\" target=\"_blank\" rel=\"noreferrer noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"488\" height=\"329\" src=\"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/10\/socwise-poweredArtboard-1@4x-100.jpg\" alt=\"\" class=\"wp-image-1534\" style=\"width:220px\" srcset=\"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/10\/socwise-poweredArtboard-1@4x-100.jpg 488w, https:\/\/euroone.hu\/wp-content\/uploads\/2024\/10\/socwise-poweredArtboard-1@4x-100-300x202.jpg 300w\" sizes=\"auto, (max-width: 488px) 100vw, 488px\" \/><\/a><\/figure>\n\n\n\n<p><br><strong>Sources<\/strong><\/p>\n\n\n\n<p>Verizon DBIR: <a href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\">Link<\/a><br>Enisa ETL: <a href=\"https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2022\">Link<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The use of threat reports helps to identify real threats and adds value to information security instead of templated risk analyses.<\/p>\n","protected":false},"author":1,"featured_media":1425,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[87],"tags":[],"class_list":["post-2124","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Use of Threat Reports in Information Security Risk Assessments - EURO ONE<\/title>\n<meta name=\"description\" content=\"Threat reports help you identify real threats and provide effective risk analysis for information security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Use of Threat Reports in Information Security Risk Assessments - EURO ONE\" \/>\n<meta property=\"og:description\" content=\"Threat reports help you identify real threats and provide effective risk analysis for information security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/\" \/>\n<meta property=\"og:site_name\" content=\"EURO ONE Sz\u00e1m\u00edt\u00e1stechnikai Zrt.\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/euroone\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-07T15:32:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-30T14:18:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/euroone.hu\/wp-content\/uploads\/2023\/09\/Threat-report-blogposzt.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"laszlo.mate\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"laszlo.mate\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/\"},\"author\":{\"name\":\"laszlo.mate\",\"@id\":\"https:\/\/euroone.hu\/#\/schema\/person\/4ced8c2e07485df9444f6fa525765543\"},\"headline\":\"Use of Threat Reports in Information Security Risk Assessments\",\"datePublished\":\"2023-09-07T15:32:00+00:00\",\"dateModified\":\"2024-10-30T14:18:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/\"},\"wordCount\":341,\"publisher\":{\"@id\":\"https:\/\/euroone.hu\/#organization\"},\"image\":{\"@id\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2023\/09\/Threat-report-blogposzt.jpg\",\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/\",\"url\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/\",\"name\":\"Use of Threat Reports in Information Security Risk Assessments - EURO ONE\",\"isPartOf\":{\"@id\":\"https:\/\/euroone.hu\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2023\/09\/Threat-report-blogposzt.jpg\",\"datePublished\":\"2023-09-07T15:32:00+00:00\",\"dateModified\":\"2024-10-30T14:18:31+00:00\",\"description\":\"Threat reports help you identify real threats and provide effective risk analysis for information security.\",\"breadcrumb\":{\"@id\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#primaryimage\",\"url\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2023\/09\/Threat-report-blogposzt.jpg\",\"contentUrl\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2023\/09\/Threat-report-blogposzt.jpg\",\"width\":1200,\"height\":630,\"caption\":\"Pop Art Successful Businessman Gesturing OK. Business Success. Vector illustration\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Kezd\u0151lap\",\"item\":\"https:\/\/euroone.hu\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Use of Threat Reports in Information Security Risk Assessments\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/euroone.hu\/#website\",\"url\":\"https:\/\/euroone.hu\/\",\"name\":\"Euroone\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/euroone.hu\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/euroone.hu\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/euroone.hu\/#organization\",\"name\":\"Euroone\",\"url\":\"https:\/\/euroone.hu\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/euroone.hu\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/09\/EURO-ONE-szines-logo.png\",\"contentUrl\":\"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/09\/EURO-ONE-szines-logo.png\",\"width\":741,\"height\":768,\"caption\":\"Euroone\"},\"image\":{\"@id\":\"https:\/\/euroone.hu\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/euroone\",\"https:\/\/www.linkedin.com\/company\/euro-one\/\",\"https:\/\/www.youtube.com\/@euroonezrt\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/euroone.hu\/#\/schema\/person\/4ced8c2e07485df9444f6fa525765543\",\"name\":\"laszlo.mate\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/euroone.hu\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/33e54dec0cd79fc4b5e911c15f836c46ec8d0e452ecd3ca5f707bce0a3540a3b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/33e54dec0cd79fc4b5e911c15f836c46ec8d0e452ecd3ca5f707bce0a3540a3b?s=96&d=mm&r=g\",\"caption\":\"laszlo.mate\"},\"sameAs\":[\"http:\/\/euroone.local\"],\"url\":\"https:\/\/euroone.hu\/en\/author\/laszlo-mate\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Use of Threat Reports in Information Security Risk Assessments - EURO ONE","description":"Threat reports help you identify real threats and provide effective risk analysis for information security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/","og_locale":"en_US","og_type":"article","og_title":"Use of Threat Reports in Information Security Risk Assessments - EURO ONE","og_description":"Threat reports help you identify real threats and provide effective risk analysis for information security.","og_url":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/","og_site_name":"EURO ONE Sz\u00e1m\u00edt\u00e1stechnikai Zrt.","article_publisher":"https:\/\/www.facebook.com\/euroone","article_published_time":"2023-09-07T15:32:00+00:00","article_modified_time":"2024-10-30T14:18:31+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/euroone.hu\/wp-content\/uploads\/2023\/09\/Threat-report-blogposzt.jpg","type":"image\/jpeg"}],"author":"laszlo.mate","twitter_card":"summary_large_image","twitter_misc":{"Written by":"laszlo.mate","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#article","isPartOf":{"@id":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/"},"author":{"name":"laszlo.mate","@id":"https:\/\/euroone.hu\/#\/schema\/person\/4ced8c2e07485df9444f6fa525765543"},"headline":"Use of Threat Reports in Information Security Risk Assessments","datePublished":"2023-09-07T15:32:00+00:00","dateModified":"2024-10-30T14:18:31+00:00","mainEntityOfPage":{"@id":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/"},"wordCount":341,"publisher":{"@id":"https:\/\/euroone.hu\/#organization"},"image":{"@id":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#primaryimage"},"thumbnailUrl":"https:\/\/euroone.hu\/wp-content\/uploads\/2023\/09\/Threat-report-blogposzt.jpg","articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/","url":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/","name":"Use of Threat Reports in Information Security Risk Assessments - EURO ONE","isPartOf":{"@id":"https:\/\/euroone.hu\/#website"},"primaryImageOfPage":{"@id":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#primaryimage"},"image":{"@id":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#primaryimage"},"thumbnailUrl":"https:\/\/euroone.hu\/wp-content\/uploads\/2023\/09\/Threat-report-blogposzt.jpg","datePublished":"2023-09-07T15:32:00+00:00","dateModified":"2024-10-30T14:18:31+00:00","description":"Threat reports help you identify real threats and provide effective risk analysis for information security.","breadcrumb":{"@id":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#primaryimage","url":"https:\/\/euroone.hu\/wp-content\/uploads\/2023\/09\/Threat-report-blogposzt.jpg","contentUrl":"https:\/\/euroone.hu\/wp-content\/uploads\/2023\/09\/Threat-report-blogposzt.jpg","width":1200,"height":630,"caption":"Pop Art Successful Businessman Gesturing OK. Business Success. Vector illustration"},{"@type":"BreadcrumbList","@id":"https:\/\/euroone.hu\/en\/use-of-threat-reports-in-information-security-risk-assessments\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Kezd\u0151lap","item":"https:\/\/euroone.hu\/en\/"},{"@type":"ListItem","position":2,"name":"Use of Threat Reports in Information Security Risk Assessments"}]},{"@type":"WebSite","@id":"https:\/\/euroone.hu\/#website","url":"https:\/\/euroone.hu\/","name":"Euroone","description":"","publisher":{"@id":"https:\/\/euroone.hu\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/euroone.hu\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/euroone.hu\/#organization","name":"Euroone","url":"https:\/\/euroone.hu\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/euroone.hu\/#\/schema\/logo\/image\/","url":"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/09\/EURO-ONE-szines-logo.png","contentUrl":"https:\/\/euroone.hu\/wp-content\/uploads\/2024\/09\/EURO-ONE-szines-logo.png","width":741,"height":768,"caption":"Euroone"},"image":{"@id":"https:\/\/euroone.hu\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/euroone","https:\/\/www.linkedin.com\/company\/euro-one\/","https:\/\/www.youtube.com\/@euroonezrt"]},{"@type":"Person","@id":"https:\/\/euroone.hu\/#\/schema\/person\/4ced8c2e07485df9444f6fa525765543","name":"laszlo.mate","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/euroone.hu\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/33e54dec0cd79fc4b5e911c15f836c46ec8d0e452ecd3ca5f707bce0a3540a3b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/33e54dec0cd79fc4b5e911c15f836c46ec8d0e452ecd3ca5f707bce0a3540a3b?s=96&d=mm&r=g","caption":"laszlo.mate"},"sameAs":["http:\/\/euroone.local"],"url":"https:\/\/euroone.hu\/en\/author\/laszlo-mate\/"}]}},"_links":{"self":[{"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/posts\/2124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/comments?post=2124"}],"version-history":[{"count":3,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/posts\/2124\/revisions"}],"predecessor-version":[{"id":2128,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/posts\/2124\/revisions\/2128"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/media\/1425"}],"wp:attachment":[{"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/media?parent=2124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/categories?post=2124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/euroone.hu\/en\/wp-json\/wp\/v2\/tags?post=2124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}