Threat Intelligence Cycle

  • Planning and Requirements
    • Goals
    • Business-aligned
    • Regulations
    • Most likely threats

  • Collection and Processing
    • Organized
    • Consistent
    • Automated (as much as possible)
    • Choose sources of intelligence
    • Processing and normalizing

  • Analysis
    • More data!
    • Too much data!
    • Automation
    • Scripts (bash, python, powershell)
    • SIEM

  • Dissemination - Communicating analysis findings
    • Internal communication
    • Choose your audience
    • Types:
      • Strategic Intelligence - Long-term objectives
      • Operational Intelligence - Day-to-day, short-term objectives
      • Tactical Intelligence - Right now
    • Outside communication: maybe...

  • Feedback
    • New findings, new information
    • Lessons learned
    • New threats? Need for change?
    • People, we've got work to do!