Browse Definitions :
Definition

counterintelligence

Counterintelligence (CI) is the information gathered and actions taken to identify and protect against an adversary’s knowledge collection activities or attempts to cause harm through sabotage or other actions. The goal of CI is to ensure information cannot be modified or destroyed by a malicious actor and that only authorized people can access an organization's information.

CI is often associated with intelligence agencies, government organizations or the military but businesses also benefit from including CI in their approach to security. In cybersecurity, counterintelligence is used to support the information security triad of Confidentiality, Availability, and Integrity (CIA). Many organizations practice aspects of CI, but refer to it by different names, including data loss prevention (DLP), malware reverse engineering and Network forensics.

How counterintelligence works

Counterintelligence activities can be categorized as being either collective, defensive or offensive. Collective CI efforts focus on learning who the adversary is, how they collect information, what attack vectors they are targeting and what tools they are using. Defensive CI efforts focus on securing information and preventing an adversary from stealing or destroying it. Offensive CI activities focus on turning an attack into an opportunity to gain an advantage by using disinformation.

While most information technology (IT) security administrators routinely conduct defensive CI and collective CI, the value of using offensive CI is not always understood. With the right implementation, deception technology can be used to improve collective, defensive and offensive CI. Deception technology uses decoys, such as honeypots and virtual honeypots, to misdirect an attack and delay or prevent the attacker from going deeper into the network and reaching the intended target. By observing the tactics, techniques and procedures attackers use in their attack, defenders can gain valuable insight that can be incorporated into their defenses.

This was last updated in May 2018

Continue Reading About counterintelligence

SearchCompliance
  • OPSEC (operations security)

    OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines ...

  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

SearchSecurity
  • email spam

    Email spam, also known as junk email, refers to unsolicited email messages, usually sent in bulk to a large list of recipients.

  • shadow password file

    A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is ...

  • browser hijacker (browser hijacking)

    A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user ...

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • change control

    Change control is a systematic approach to managing all changes made to a product or system.

  • disaster recovery (DR)

    Disaster recovery (DR) is an organization's ability to respond to and recover from an event that affects business operations.

SearchStorage
  • bare-metal restore

    A bare-metal restore (also referred to as bare-metal recovery or bare-metal backup) is a data recovery and restoration process ...

  • mSATA SSD (mSATA solid-state drive)

    An mSATA SSD is a solid-state drive (SSD) that conforms to the mSATA interface specification developed by the Serial ATA (SATA) ...

  • network-attached storage (NAS)

    Network-attached storage (NAS) is dedicated file storage that enables multiple users and heterogeneous client devices to retrieve...

Close