Enterprises and governments are prioritizing the need for a threat intelligence practice capable of aligning action to changing threats. With the growing diversity of threat intelligence products on the market, the emerging challenge is deciding where to start and how to make the right decisions about investment in people, processes, and technology.
For years, IT research organizations have reported that most large enterprises consider establishing or improving their cyber threat intelligence (CTI) capabilities a high or critical priority. Yet many enterprises never move beyond a continual game of cyber threat whack-a-mole. This reactive approach prevents them from digging out from under a mountain of indicators of compromise (IOCs) to focus on threat actors’ tactics, techniques, and procedures (TTPs).
This paper discusses a framework for assessing and measuring the maturity of threat intelligence efforts and supporting organizations in progressing from reactive actions to predictive and pre-emptive CTI operations. In addition, unlike other capability maturity models, the framework described in this paper defines a set of effectiveness metrics that help align the CTI team’s actions with the needs of operational, tactical, and strategic stakeholders.