What is the Threat Intelligence Lifecycle?
The threat intelligence lifecycle is a fundamental framework for all fraud, physical and cybersecurity programs—whether mature and sophisticated in their operations, or merely aspiring.
At a high level, the threat intelligence lifecycle outlines the core steps to apply and uphold high standards of data hygiene necessary to confidently draw conclusion and take action based on the data. This iterative and adaptable methodology contains five phases that ultimately converts raw data into finished intelligence.
Key Objectives at Each Phase of the Threat Intelligence Lifecycle
- Planning and direction: Set the scope and objectives for core intel roles and processes.
- Collection: Deploy data gathering and processing techniques and sources.
- Analysis: Translate raw intel into meaningful and taxonomized actors, events, and attributes.
- Production: Assess intel significance and severity based on business and environmental context.
- Dissemination and feedback: Report on finished intel, considering urgency and confidentiality.