Threat intelligence goes through a feedback cycle in order to keep pace with an ever-changing environment. While there are several methodologies that can place context around this challenge, one that is often utilized is the cycle of intelligence that is used by the US Department of Defense.
This cycle provides the framework and a starting point for organizations to incorporate threat intelligence into their operations:
- Direction: Decision makers such as the CISO, information security personnel or incident response analysts set down what threat intelligence is required. In determining the requirements for intelligence, it is a good practice to identify the users of each of the types of threat intelligence previously discussed. For example, a CISO might want threat intelligence about what trends in cyber-attacks against hospitals are anticipated in the next year. An incident response analyst may require intelligence on what the individual IOCs of malware are...