Ken Bradley sent me a link to Northrop Grumman's Timothy McKnight on Security and Identity Management by Katherine Walsh of CSO Magazine. It's an older article but I liked this part:
CSO: Can you tell me about the formation of the Cyber Threat Analysis Intelligence Group and its role at Northrop Grumman?
McKnight: That team's focus is on the nation-state threat, which the DoD is now terming the "advanced persistent threat." These are well-resourced, highly targeted attacks at corporations and governments [by groups] that are looking primarily to steal intellectual property and gain competitive advantage.
The Cyber Threat Analysis Intelligence Group is made up of techies and people with government analyst backgrounds. Their job is to focus on the technologies that are considered the crown jewels of Northrop Grumman. They look at the technologies we provide for the government, who the biggest threat to those technologies is, who needs them the most, how they [may be] targeting that information, and what we can do to protect against it. That group is deploying customized solutions to handle all of that.
Notice that this group is asset-centric and threat-centric, i.e., they look at what matters to the company (and what might matter to an adversary), and they also identify who might want to steal it.
This is in stark contrast to the vulnerability-centric stance of most security shops. Sure, you always need to know your weaknesses, but the idea of paying attention to what matters to you, and by extension, what information a threat might want to exfiltrate/degrade/deny, is excellent. I expect the work this group does also helps NG to Unify Against Threats.
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.