Completeness means that each piece of intelligence gives a full picture of the threat, including actors, methodologies and affected systems, says Callie Guenther, senior manager of cyber threat research for Critical Start. Meanwhile, accuracy is perhaps one of the most crucial elements of quality that will make or break a source’s value. “The credibility and reliability of the source are paramount,” she says. “Inaccurate intelligence can lead to false positives, wasted resources, and potential exposure to unaddressed threats.”
Relevance means that the intelligence is pertinent to the organizations industry, tech stack, and geographical location. And timeliness is all about ensuring that intelligence is current enough that it can make a difference in how an organization will act. Obviously, intelligence sources will often have to strike a balance between timeliness and accuracy as threat research unfolds.
Finally, Guenther would add another ‘A’ into the mix to make it CAART: actionability. “Intelligence should be detailed and specific enough to drive security actions, such as tuning security devices, updating policies, or patching vulnerabilities,” she says.
_Herr_Loeffler_shutterstock.jpg?disable=upscale&width=1200&height=630&fit=crop&w=332&resize=332,0&ssl=1 "FBI Wraps Up Eradication of Chinese ‘PlugX’ Malware")
_Herr_Loeffler_shutterstock.jpg?disable=upscale&width=1200&height=630&fit=crop&w=688&resize=688,387&ssl=1 "FBI Wraps Up Eradication of Chinese ‘PlugX’ Malware")
