How we can use the principles of intelligence for better cyber threat intelligence
The principles of intelligence refer to a set of guiding principles that are used to inform and guide the intelligence process, regardless of the specific context in which it is being applied. These principles include the following:
Objectivity Intelligence analysts should remain objective and unbiased in their assessments, avoiding preconceived notions and personal biases that may influence their analysis.
Accuracy Intelligence should be based on accurate and reliable information, obtained through a variety of sources and methods.
Timeliness Intelligence should be provided in a timely manner, to ensure that it can be acted upon before it becomes irrelevant or outdated.
Relevance Intelligence should be relevant to the needs of the consumer, addressing specific questions and concerns that are of strategic or operational importance.
Completeness Intelligence should provide a comprehensive and complete picture of the subject being analyzed, including both positive and negative information.
Clarity Intelligence should be presented in a clear and understandable manner, using language and formats that are appropriate for the intended audience.
When applied to the context of cyber threat intelligence, these principles
take on a specific set of applications, including the following:
Objectivity Cyber threat intelligence analysts should remain objective and unbiased in their assessments, avoiding assumptions or preconceived notions that may skew their analysis.
Accuracy Cyber threat intelligence should be based on accurate and reliable information, obtained through a variety of sources and methods, including open source intelligence (OSINT), human intelligence (HUMINT), and technical intelligence (TECHINT).
Timeliness Cyber threat intelligence should be provided in a timely manner, to ensure that it can be acted upon before a cyber attack occurs or before the impact of a cyber attack becomes irreversible.
Relevance Cyber threat intelligence should be relevant to the needs of the organization, addressing specific questions and concerns that are of strategic or operational importance, such as the identification of threat actors, their tactics, techniques, and procedures (TTPs), and the vulnerabilities that may be exploited.
Completeness Cyber threat intelligence should provide a comprehensive and complete picture of the threat landscape, including both positive and negative information, to enable decision-makers to make informed and effective decisions.
Clarity Cyber threat intelligence should be presented in a clear and understandable manner, using language and formats that are appropriate for the intended audience, which may include technical staff, management, and executives.