How to craft a threat intelligence strategy

An increasing number of CISOs are realizing the value of threat intelligence to protecting the enterprise, helping the infosec team doing the day-to-day defending. But if you don’t already have a unit/person assigned for doing this it may be daunting to start.

Adam Meyer, chief security strategist at SurfWatch Labs has written a useful two-part series for chief security officers who haven’t yet taken the plunge. In the first part he notes that leaders have to decide what is the goal of the data collection, what and how it should be collected, what finished, refined intelligence product should be produced, how and who it it should be delivered to and how should it be consumed.

The CISO also has to decide whether what is wanted is all or a combination of  tactical, operational or strategic threat intelligence.
The second part  talks about the two parts of a threat intelligence strategy: A collection plan and a management plan.

The collection plan is obvious: It has to define priorities and needs, sources of intel and what decision-makers need. Why a management plan? Because, writes Meyer, intelligence is not a project but a capability that needs to be run like a program. So the management plan looks at who will be the intelligence analyst(s), tools to be used, how managers make requests to analysts. and if the deliverables are useful.

If you are thinking about adding threat intelligence to your weapons these two columns are a good place to start.

You may also find this white paper from the SANS Institute, ‘Who’s using cyberthreat intelligence and how’ to be useful.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now