This chapter focuses on developing and streamlining a Threat Intelligence capability within a commercial organization. It is most beneficial to greenfield efforts, but it can also be used by organizations with already established programs. It provides a staged approach to develop the capability and avoid making costly redundant steps.
There are different levels of maturity for a CTI program. The three stages described here are intended to be a general guideline, and your company’s implementation may differ from them to fit your company’s needs. In each stage, the team can demonstrate clear inputs, capabilities, and outputs, which later phases can efficiently build upon.
This document is intended for companies that are looking to build Threat Intelligence capability. It roughly separates the process of building up a team into three stages. In each stage, the team can demonstrate clear inputs, capabilities, and outputs, which later stages can efficiently build upon.
While there is variety in the ways a CTI (Cyber Threat Intelligence) program may develop, there are certain commonalities in the stages of development of the maturity of a CTI (Cyber Threat Intelligence) program. The stages described in this model are intended to be a general guideline and a company’s implementation may differ from them to fit a company’s needs. Not all companies will need to go through all phases of development based on their stakeholders' requirements. In some cases, it may be best to stay in stage 1 and outsource more advanced activities.