With the coming new year comes new strategies to implement, new budgets to work with, and new threats to prevent from harming your business. I’ve personally seen a shift in the past year where more organizations are moving beyond the basic understanding of what threat intelligence is and moving into a planning and implementation process to start benefitting from the value that good intel can provide.
The first step in planning to add threat intelligence into your security and risk program should really focus around the following key questions:
• What is the goal of the intel we want to have?
• Who are the key stakeholders that the intel should serve?
• What are the assets and information we are most concerned about protecting?
• What decisions and outcomes should the intel impact?
• How will results be measured?
• Are we collecting any internal intel already? If not, this is where we should start.
• Should we outsource our intel operation, build in-house or go with a hybrid approach?