pitfalls of cyber data

Upload: phil-huggins-fbcs-citp

Post on 15-Jul-2015

Category: Technology

TRANSCRIPT

3

Direction

Access

Analysis & Assessment

Dissemination

Action

Customer

Gather Information

Insight

Expert Schema

Assess Source

Define Action

4

Immediate Threat

Evolving Threat

Long Term Threat

Trend Analysis

Horizon Scanning

Futurology

Situational Awareness

Strategic Intelligence

5

High-level information on changing risk: The board

Details of a specific incoming attack: Defenders

Attacker methodologies, tools and tactics: Architects & Sysadmins

Indicators of specific malware: SOC staff / IR

Axes: Long-Term Use / Short-Term Use; Low Level / High Level

6

Threat Source (initiates) → Threat Event (exploits) → Vulnerability (causing) → Adverse Impact

Characteristics: • Capability • Intent • Target

Sequences: • Actions • Activities • Scenarios • Relevance

Conditions: • Pervasiveness • Severity

Controls: • Effectiveness

Risk: • Likelihood • Impact

Risk View

7

Driving Forces

Public Cyber Data

Past Incident Records

Adversaries (Threat Source)

Threat Scenarios

Adverse Impacts

Threat Events

TTPs

Controls

Threat Personas

Technical Indicators

Tactical View

11

Threat Events

Countries & Regions

Industries

Selection Bias

Sample Bias

16

Threat Scenarios

Threat Events

TTPs

Many to Many

Many to Many

Specific instance with extensive business context.

Collection of TTPs with limited business context

Standards not used / many fudges
