Shutterstock.com Leadership Privacy & Security Public Sector How to craft a threat intelligence strategy Howard Solomon @HowardITWC Published: July 19th, 2016An increasing number of CISOs are realizing the value of threat intelligence to protecting the enterprise, helping the infosec team doing the day-to-day defending. But if you don’t already have a unit/person assigned for doing this it may be daunting to start.Adam Meyer, chief security strategist at SurfWatch Labs has written a useful two-part series for chief security officers who haven’t yet taken the plunge. In the first part he notes that leaders have to decide what is the goal of the data collection, what and how it should be collected, what finished, refined intelligence product should be produced, how and who it it should be delivered to and how should it be consumed. Related Articles Threat intelligence exchanges OK, but most prefer to receive intel rather than giveIn some circles it is more blessed to give than to receive. Not among infosec pros, a survey suggests. Almost... March 22nd, 2016 Howard Solomon @HowardITWC Threat intelligence collection choice: In-house or outsource?Over the past 12 months or so cyber intelligence has become one of the new catch phrases of the infosec... August 17th, 2015 Howard Solomon @HowardITWC The CISO also has to decide whether what is wanted is all or a combination of tactical, operational or strategic threat intelligence. The second part talks about the two parts of a threat intelligence strategy: A collection plan and a management plan.The collection plan is obvious: It has to define priorities and needs, sources of intel and what decision-makers need. Why a management plan? Because, writes Meyer, intelligence is not a project but a capability that needs to be run like a program. So the management plan looks at who will be the intelligence analyst(s), tools to be used, how managers make requests to analysts. and if the deliverables are useful.If you are thinking about adding threat intelligence to your weapons these two columns are a good place to start.You may also find this white paper from the SANS Institute, ‘Who’s using cyberthreat intelligence and how’ to be useful.Would you recommend this article?00 Thanks for taking the time to let us know what you think of this article! We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →Jim Love, Chief Content Officer, IT World Canada Leadership, Privacy & Security, Public Sector security strategies, threat intelligence