Chapter 2. The Threat Intelligence Cycle

As established in Chapter 1, threat intelligence is not a data feed. Instead, threat intelligence is a system. Good threat intelligence teams have a process in place that gives them the ability to continuously adjust to new threats and quickly incorporate new data sources into their intelligence process. Almost all threat intelligence organizations use the intelligence cycle model, with some variation in the terminology and the number of phases.

The Intelligence Cycle

The most commonly used threat intelligence model is the intelligence cycle, shown in Figure 2-1, or a variant on this model.

Figure 2-1. The Intelligence Cycle

This is the model that is used by military intelligence, and it consists of five parts, some of which have already been discussed:

  • Planning and Direction
  • Collection
  • Processing
  • Production
  • Dissemination

At the core of the intelligence cycle is the mission. The five components of the intelligence cycle revolve around helping the organization succeed in its mission. Note that no one part of the intelligence cycle is more important than the other parts. In order for a threat intelligence program to be effective, all components of the threat intelligence cycle have to work equally well.

Intelligence Requirements

The flow of the intelligence cycle allows the threat intelligence team to sift through the incredible amounts of data ...
