Tactical, Operational, Strategic Levels of CTI

Chad Warner
Feb 10, 2022

There are 3 levels of cyber threat intelligence: tactical, operational, and strategic. They progress from the micro to the macro level in terms of detail and time frame. These levels involve different goals, tasks, and results.

Tactical CTI

Tactical CTI deals with the what (IoCs, TTPs): the low-level, technical details of individual attacks and attackers. It focuses on the short term.

Tactical CTI is usually produced for the incident response (IR) team, SOC analysts, risk analysts, IT, and IT tools (e.g., SIEM, firewalls, IDS/IPS, endpoints).

Operational CTI

Operational CTI deals with the how and where (TTPs): the mid-level details of attack campaigns and attackers. It’s the middle level between tactical and strategic CTI. It’s less technical than the tactical level, but more technical than the strategic level. It focuses on the medium term.

It helps mid-level decision-makers better understand vulnerabilities, threats, and attacks, to make more informed decisions about defending the organization against specific threats.

Operational CTI is usually produced for the incident response (IR) team, network security team, SOC analysts, threat hunters, vulnerability management team, risk analysts, and managers in IT (e.g., CISO, CIO) and other areas (e.g., PR, HR, legal).

Strategic CTI

Strategic CTI deals with the who (attribution) and why (motive, intent). It deals with the high-level, big-picture details about attack trends and the threat landscape. It’s the least technical level. It focuses on the long term.

It helps senior decision-makers make more informed decisions about mitigating risks and defending the organization against general threats.

Strategic CTI is usually produced for organizational leaders (e.g., CEO, CIO, CTO, CFO, other executives) and GRC (governance, risk, and compliance) analysts.
