Building a CTI program and team


In this chapter, we outline how to start a Cyber Threat Intelligence (CTI) program and establish a CTI Team in an organization focusing in particular on the problem CTI solves and the value it brings. Then we focus on details such as what type of data and information needs to be collected and produced and what tools and technologies can be employed to enable CTI. At this point, it may be appropriate to discuss which vendors and solutions to utilize to meet the defined objectives.

To develop an efficient and effective CTI program and well-aligned CTI team, we need to understand the CTI concepts presented in the Curriculum and start to develop CTI requirements and teams with complementary skills to build critical processes based on our organization's requirements and then map processes to outcomes to demonstrate the merit of CTI activities and tools to accelerate their CTI program.

This chapter will cover how to build and present the CTI program to management and technical stakeholders by providing a Starter Kit, and it will also provide a guideline to check for how a Threat Intelligence program should evolve in phases and what is expected during each one of them. In addition, it will present examples of threat modeling to tune your CTI program's effectiveness.