Browse Definitions :
Definition

counterintelligence

Counterintelligence (CI) is the information gathered and actions taken to identify and protect against an adversary’s knowledge collection activities or attempts to cause harm through sabotage or other actions. The goal of CI is to ensure information cannot be modified or destroyed by a malicious actor and that only authorized people can access an organization's information.

CI is often associated with intelligence agencies, government organizations or the military but businesses also benefit from including CI in their approach to security. In cybersecurity, counterintelligence is used to support the information security triad of Confidentiality, Availability, and Integrity (CIA). Many organizations practice aspects of CI, but refer to it by different names, including data loss prevention (DLP), malware reverse engineering and Network forensics.

How counterintelligence works

Counterintelligence activities can be categorized as being either collective, defensive or offensive. Collective CI efforts focus on learning who the adversary is, how they collect information, what attack vectors they are targeting and what tools they are using. Defensive CI efforts focus on securing information and preventing an adversary from stealing or destroying it. Offensive CI activities focus on turning an attack into an opportunity to gain an advantage by using disinformation.

While most information technology (IT) security administrators routinely conduct defensive CI and collective CI, the value of using offensive CI is not always understood. With the right implementation, deception technology can be used to improve collective, defensive and offensive CI. Deception technology uses decoys, such as honeypots and virtual honeypots, to misdirect an attack and delay or prevent the attacker from going deeper into the network and reaching the intended target. By observing the tactics, techniques and procedures attackers use in their attack, defenders can gain valuable insight that can be incorporated into their defenses.

This was last updated in May 2018

Continue Reading About counterintelligence

SearchCompliance
  • ISO 31000 Risk Management

    The ISO 31000 Risk Management framework is an international standard that provides businesses with guidelines and principles for ...

  • pure risk

    Pure risk refers to risks that are beyond human control and result in a loss or no loss with no possibility of financial gain.

  • risk reporting

    Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.

SearchSecurity
  • What is cyber hygiene and why is it important?

    Cyber hygiene, or cybersecurity hygiene, is a set of practices individuals and organizations perform regularly to maintain the ...

  • Pretty Good Privacy (PGP)

    Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate ...

  • email security

    Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting ...

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • fault-tolerant

    Fault-tolerant technology is a capability of a computer system, electronic system or network to deliver uninterrupted service, ...

  • synchronous replication

    Synchronous replication is the process of copying data over a storage area network, local area network or wide area network so ...

SearchStorage
  • information lifecycle management (ILM)

    Information lifecycle management (ILM) is a comprehensive approach to managing an organization's data and associated metadata, ...

  • WORM (write once, read many)

    In computer media, write once, read many, or WORM, is a data storage technology that allows data to be written to a storage ...

  • direct access

    In computer storage, direct access is the process of reading and writing data on a storage device by going directly to where the ...

Close