Cyber Threat Intelligence (CTI) Part 3 — CTI Lifecycle — Planning & Direction

Fellow Human
Apr 8, 2023


For a quick recap of the introduction to Cyber Threat Intelligence (CTI) and the skill set a CTI analyst should have, please check out the first two parts of this series:
Cyber Threat Intelligence Part 1 — Quick Introduction to Cyber Threat Intelligence
Cyber Threat Intelligence Part 2 — What are the skill set requirements for a Cyber Threat Analyst?

In this blog, I'll introduce the CTI lifecycle with a focus on the first stage: Planning & Direction.

A lifecycle is typically defined as the stages something passes through as it develops, from its embryonic stage through maturity to its expected decline, before starting over.

The CTI lifecycle is no different: it moves through its respective phases from infancy (planning & direction) to its eventual decline (feedback) before starting over.

Keep in mind, this is an iterative cycle, meaning each cycle should incrementally improve compared to its predecessor.

Figure: CTI lifecycle stages

The stages of a CTI lifecycle are:

  1. Planning & Direction
  2. Collection
  3. Processing
  4. Analysis
  5. Dissemination
  6. Feedback

The intent of the Planning & Direction stage in any CTI process is to answer some or all of these key questions:

  1. Who are your potential threat actors?
  2. What are their key motivations?
  3. What could be their frequency of attacks?
  4. What is their attack surface of choice in relation to your processes, systems, and technologies?
  5. What mitigating steps can be taken to safeguard the organization?
  6. Are there other organizations that are similar in nature also being targeted?

As a part of the Planning & Direction stage, it is essential to understand the difference between raw data, information, and intelligence. We have explained the importance of raw data in part 1 of this series.

Raw Data

Raw data, when processed, becomes information. Information, when analyzed by the CTI team to provide an assessment, becomes intelligence.

While intelligence is what enables you and leadership to make an informed decision, it will always be a refined product and will never be a simple “Yes” or “No” answer. It should be subject to a continuous improvement process that aims at improving its accuracy and relevance. This approach ensures that informed decisions can be made to stay ahead of rapidly evolving threats and, ultimately, strengthen the organization's security posture.

Planning & Direction is the most important stage of the CTI lifecycle, as it sets the scope and purpose of the data that is collected. It answers the ‘Why’ question and sets the right agenda and direction for all the intelligence-related activities that take place.

The planning & direction stage also helps in setting the requirements for the intelligence collection process. The threat intelligence requirements play a vital role in setting the goals for the CTI team. These goals will provide the objectives for the CTI team to fulfill so that gaps in understanding/knowledge can be identified and addressed to help in detection and response activities.

During this phase, it is also important to understand the threat landscape and threat models. We will cover threat models in another blog post.

In the next part, I will talk about the second stage of the CTI lifecycle — Collection.

Thanks for reading and as always, all feedback is welcome.

Lastly, if you enjoy any of my blogs, it would be awesome if you could please follow me as a sacrifice for the algorithm :)


I'm Fellow Human. This is my YouTube channel, Brain Stew, which covers Cyber, Technology, Science and Life. Check it out here: https://www.youtube.com/@brain-stew