It is not enough to simply collect the data — it must be used to paint the bigger picture of what is happening in the organization’s threat landscape. To do this, the data must be monitored, analyzed, trended, quantiÕed into metrics and then delivered to the appropriate audience to take action upon — daily, weekly, monthly, quarterly, yearly and even on-demand reporting can all serve to complete this picture. Intelligence production must answer different groups of stakeholder questions to the right level of operational detail, in a timely manner and in an ingestible format. 47% In this way, purchasing reporting, which is sold to multiple organizations, often does of organizations say their information not account for the speciÕc operational needs of your own organization, and it is security function reports to board-level for this reason that more and more organizations are asking how to make use of stakeholders less than twice a year threat intelligence reporting. Mniquely deÕned requirements, focused collection, and operational driven production are the answers. Using the intelligence to support the entire organization Cyber threat intelligence supports both decision%macers and security operations Collected and produced CTI must be integrated through processes designed to support both decision makers and security operations. The input processes and output products of a CTI program should be designed with the goal of improving cyber threat awareness across the entire organization at a variety of levels. EY believes that this can be achieved when CTI is viewed through the lens of “tactical,” “strategic” and “current” intelligence components and delivered to relevant stakeholders. CTI program components Tactical intelligence Strategic intelligence Current intelligence Acts as a force multiplier for internal Translates cyber threats into Rapidly delivers early warnings of • • • security operations to improve business risk the latest threats to stakeholders organizational threat posture Empowers business decision-makers across the organization • Drives agile, Öexible strategic and Provides technical intelligence that to prioritize short-term strategic • • actions tactical intelligence functions can be rapidly integrated within an organization’s native sensor and Same-day analysis of emerging Translates cyber threats into • Õrst line of defense capabilities • vulnerabilities with suggested Leverages adversary life cycle business risk remediation actions • analysis to reÕne various security operations functions @ow do you Ônd the criminals before they commit the cybercrime? — A close look at cyber threat intelligence | 11