Information provided by a source does not necessarily objectively represent the reality. The first factor is the reliability of the source and second it's ability to manage this type of information. As a result, the need for rating sources and the information they provide.
We suggest teams incorporate the NID1 model that is widely used in government and some of commercial entities. According to this model the sources are classified in order of decreasing reliability from "A" to "E", where "F" is designated for the case where judgement cannot be made.
In turn, the specific piece of information itself is ranked in decreasing order from "1" to "5", where "6" is reserved for the case where judgement cannot be made.
|A||Reliable||No doubt about the source's authenticity, trustworthiness, or competency. History of complete reliability.|
|B||Usually reliable||Minor doubts. History of mostly valid information.|
|C||Fairly reliable||Doubts. Provided valid information in the past.|
|D||Not usually reliable||Significant doubts. Provided valid information in the past.|
|E||Unreliable||Lacks authenticity, trustworthiness, and competency. History of invalid information.|
|F||Cannot be judged||Insufficient information to evaluate reliability. May or may not be reliable.|
|1||Confirmed||Logical, consistent with other relevant information, confirmed by independent sources.|
|2||Probably true||Logical, consistent with other relevant information, not confirmed.|
|3||Possibly true||Reasonably logical, agrees with some relevant information, not confirmed.|
|4||Doubtfully true||Not logical but possible, no other information on the subject, not confirmed.|
|5||Improbable||Not logical, contradicted by other relevant information.|
|6||Cannot be judged||The validity of the information can not be determined.|
An example would be a CTI provider with well trusted feeds which is introducing new experimental feed. Initially this feed may be classified as "A3" since the data feed has not been tuned yet.
Another example would be information gathered in underground forum from an actor, who for the most part has provided good information, but in a particular instance their information does not fit well, or contradicts other information from multiple sources can be rated as "B4".
Army FM2-22.3, via Wikipedia: https://en.wikipedia.org/wiki/Intelligence_source_and_information_reliability
Discuss any interactions with the underground with your company lawyers. Different companies have different risk tolerance levels. In mature companies there are guides and framework for performing this type of work, designed to protect the employee and the company. ↩ ↩