Intelligence Requirements in Cyber Threat Intelligence

Intelligence Requirements in the CTI Cycle

  1. Planning & Direction: define the IRs
  2. Collection: gather data relevant to the IRs
  3. Processing: make data ready to analyze for relevance to the IRs
  4. Analysis & Production: assess the meaning of the data relevant to the IRs
  5. Dissemination/Distribution: share intel relevant to the IRs
  6. Feedback: gather input about how well the intel matched the IRs

Example Intelligence Requirements

  • What vulnerabilities are being exploited?
  • What vulnerabilities can we detect?
  • What exploits do we need to watch for?
  • What exploits can we defend against?
  • What vulnerabilities are threat actors targeting?
  • What assets do we need to defend?
  • What threat actors do we need to watch for?
  • What threats is our industry facing?
  • What threats is our geographic area facing?
  • What security concerns keep executives up at night?

Prioritizing Intelligence Requirements

As you can imagine, the list of IRs can quickly become very long. Even organizations that have large CTI teams still have a limited amount of time they can put into CTI efforts. IRs must be prioritized so that analysts know how to allocate their time and energy.

Benefits of Intelligence Requirements

  • By focusing efforts, IRs enable more efficient use of InfoSec resources.
  • By setting clear requirements, IRs make it easier to measure the success of CTI.
  • By enabling the measurement of CTI success, IRs make it easier to justify the expense of CTI operations.
