What Is the Difference Between Information and Intelligence?
It can be easy to confuse intelligence with information. The difference is that information (for example, data feeds of bad IP addresses or other indicators meant for machine-to-machine consumption) does not have enough context by itself to drive action. Intelligence includes this information, but with added analysis and context, including behavioral, technological and even cultural knowledge. Raw data is a necessary component of threat intelligence, but the two are not the same.
Following is a brief comparison of the two concepts:
Information:
- Raw, unfiltered feed
- Unevaluated when delivered
- Aggregated from virtually every source
- May be true, false, misleading, incomplete, relevant or irrelevant
- Not actionable

Intelligence:
- Processed, sorted information
- Evaluated and interpreted by trained Intelligence Analysts
- Aggregated from reliable sources and cross-correlated for accuracy
- Accurate, timely, complete (as possible), assessed for relevancy
1. Planning & Requirements
Define a clear CTI mission that speaks to the goals of the program. Highlight the use of a requirements-based approach with continuous management of its execution. This will drive the lifecycle process and reduce organizational risk through informed direction of resources.
2. Collections & Processing
Using a data acquisition strategy, determine how, when, why, and what should be collected to fulfill requirements. Normalize, de-dupe and enrich threat data to produce information that’s consumable and applicable. To reduce processing time, automated collection systems – such as a Threat Intelligence Platform (TIP) – are increasingly utilized across today’s enterprises.
Evaluate, analyze and interpret the processed information against your program’s requirements to provide sound analytic judgments that determine confidence, relevance, likelihood, and threat impact. Assess collection gaps to satisfy requirements.
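The normalize, de-dupe and enrich step described under Collections & Processing can be sketched as follows. This is an added example, not code from the original page or from any TIP product. The feed names, record layout, `corroborated` and `internal` fields are assumptions, and the sample records are constructed.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample records from two hypothetical feeds (not real indicators).
RAW_FEED = [
    {"source": "feed-a", "value": "203.0.113.7 ", "seen": "2024-05-01T10:00:00Z"},
    {"source": "feed-b", "value": "203[.]0[.]113[.]7", "seen": "2024-05-03T08:30:00Z"},
    {"source": "feed-a", "value": "Bad.Example[.]com", "seen": "2024-05-02T12:00:00Z"},
    {"source": "feed-b", "value": "bad.example.com.", "seen": "2024-05-02T09:00:00Z"},
    {"source": "feed-b", "value": "10.0.0.5", "seen": "2024-05-02T09:00:00Z"},
    {"source": "feed-a", "value": "not an indicator", "seen": "2024-05-02T09:00:00Z"},
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def normalize(value):
    """Refang and canonicalize one indicator; return (type, value) or None."""
    v = value.strip().replace("[.]", ".").lower().rstrip(".")
    try:
        return ("ip", str(ipaddress.ip_address(v)))
    except ValueError:
        pass
    return ("domain", v) if DOMAIN_RE.match(v) else None

def process(records):
    """Normalize, de-dupe on (type, value), then enrich with sighting context."""
    merged, rejected = {}, []
    for rec in records:
        key = normalize(rec["value"])
        if key is None:
            rejected.append(rec["value"])  # unparseable: keep for feed-quality review
            continue
        seen = datetime.fromisoformat(rec["seen"].replace("Z", "+00:00"))
        entry = merged.setdefault(key, {"type": key[0], "value": key[1],
                                        "sources": set(),
                                        "first_seen": seen, "last_seen": seen})
        entry["sources"].add(rec["source"])
        entry["first_seen"] = min(entry["first_seen"], seen)
        entry["last_seen"] = max(entry["last_seen"], seen)
    for (kind, val), entry in merged.items():
        # Assumed enrichment: multi-source corroboration, and a flag for
        # RFC 1918 addresses, which carry no meaning as external indicators.
        entry["corroborated"] = len(entry["sources"]) > 1
        entry["internal"] = kind == "ip" and any(
            ipaddress.ip_address(val) in net for net in RFC1918)
    return list(merged.values()), rejected
```

Six raw records collapse to three indicators plus one rejected line. The added fields are context for the analysis stage to weigh, not a verdict.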