Five Things to Consider for a Successful Intelligence Team - Part 3

July 31, 2014

#3 - Allow for Open Communication

Part 1 and Part 2 of this series concentrated on people, tools and encouraging DEVOPS. All of these are great considerations when building or beginning intelligence operations to support information security programs. They go a long way in establishing and providing support to Security Operations Centers, or security operations in any form, but to take it a step further an organization should allow for open communication of the intelligence staff.

As we all know, communication is imperative for any type of operation, whether it is in the information technology/security realm or standard business operations. But when dealing with the ever-changing threat that we all face in today’s “internet of things” era, communication needs to be wider and more open for an intelligence team.

Using the intelligence cycle, we can see the importance of open communication. The intelligence cycle is a repeatable process used by an analyst or group of analysts to attack a specific problem or threat the organization faces. The end result should ultimately be a finished product to be disseminated throughout the organization. The Intelligence Requirement, found at the beginning of the cycle, is built around gaps in intelligence that need to be filled. To start building these requirements, the intelligence staff needs access to the separate lines of business within the organization, from information technology and security to the overall user base (human resources, sales, marketing, etc.) and the C-level executives. Communication with key players in each of these respective divisions will allow for the information gathering required in developing intelligence requirements and will provide a conduit to collect information not normally seen within the security infrastructure.

With direct communication to internal IT and security staff, the intelligence team can gain critical data on successful and tried exploits, gathering data on attackers’ Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IOCs), while also providing assistance with remediation and hardening of attacked or exploited assets. Additionally, by having a conduit to executive staff and management, knowledge of upcoming shifts in operations, personnel and locations can be captured to develop a strategic assessment of how this could affect the threat footprint.

For example, if a new product is being designed or a new location is to be opened, there are several different vulnerabilities that can expose the organization to corporate espionage or geographic specific threats. These threats can be predicted, and countermeasures can be processed and disseminated to dampen the likelihood of compromise.

The insider threat is one that exists in every organization, regardless of the size or scope of the security program. Leveraging intelligence and having open lines of communication between the user base and the intelligence organization allows for enhanced training and situational awareness through security alerts and bulletins as current and emerging threats are discovered.

Pulling it together, you can see that open lines of communication not only add to the ability to create sound intelligence requirements, but can also be a good means for collection from internal sources, outside of security appliances and devices. Dissemination of a final analytical product is self-explanatory, but needs to be mentioned because of the reach an intelligence staff should have within the organization to answer requirements.

Finally, the intelligence team should have access to external sources for information sharing and research purposes. These external sources could range from local and federal law enforcement to industry experts and research organizations to community groups centered on information security or a specific industry.

By: Danny Pickens

Senior Director, Threat Management Operations
