Skip to main content

The 3 Pillars of Intelligence: Shaping Policy

January 13, 2015

In today’s world of evolving threats and a geo-political landscape that opens up attacks on private organizations by nation-state sponsored entities, security is a game. Inside every game, there is a strategy put in play to win. You base your strategy off of your opponent’s strengths and weaknesses, as well as your own. This is where intelligence comes in.

For intelligence to support an organization’s security strategy, it requires an ecosystem built around stakeholders at the strategic, operational and tactical levels. The consumers of strategic intelligence are the executives and leadership of an organization. For operational intelligence, it is the security analyst performing daily, SOC-style operations. On the tactical level, it can be split between security operations and incident response teams or the CSIRT. This dynamic approach creates an ecosystem that ensures coverage of intelligence throughout the organization and provides overall situational awareness as well as tailored analysis.

This blog series will cover how to effectively use intelligence in the game at all three levels, defining the purpose of each level as a pillar used to hold up the security program. The first pillar we will discuss is how strategic intelligence can help an organization Shape Policy.

Shaping Policy

If you were to ask a CISO “What drives security?” you would receive a number of answers, ranging from budget to technology to people. In reality, policy is what drives security operations.

Policy defines controls and provides justification for purchasing and implementing technologies as well as obtaining the personnel to manage and monitor the infrastructure. Policy establishes how an enterprise meets and maintains any number of compliances and federal regulations. The policy enacted for the organization directs proper user behavior (e.g. who can access critical infrastructure and user account privilege). In the end, it is policy that defines what security should be. Strategic intelligence is a driving factor in shaping and establishing that policy, from the boardroom down to the end-user.

This level of intelligence is tailored to deal with more long-term analysis of threats or problems that an organization will face based on its size, industry and current state of the security program. It also delivers intelligence to operations and senior leadership needed for policy, planning and resource allocation. The decisions made at this level directly influence the next two levels.

Risk Management

One of the major components of strategic intelligence that helps shape policy is risk management. This goes beyond identifying cyberthreats an organization may face, concentrating instead on the risk associated with these threats. Once that is determined, leadership can create or modify policy to reduce the level of risk the organization faces.

Shaping Policy 1

The image above is a high-level view of four strategic threat groups that a majority of organizations encounter. The key is in determining how these threats relate to your business. For example, an organization in the retail industry has a higher likelihood of encountering threats from a financial gain actor than from a hacktivist. A company specializing in agricultural manufacturing or energy faces a greater threat from a nation-state sponsored actor. Once these threat groups are prioritized (High – Medium – Low), the policy creators and analysts can determine risks associated with these threats based on policy and technologies currently in place and then adjust the policy as necessary.

Intelligence requirements are the basis for defining what analysts are concerned with when collecting and analyzing information and enable the timely dissemination of an analytical product. Strategic intelligence supports senior leadership’s overall strategy to reduce risk, and it is their responsibility, as the consumers of the intelligence, to provide identify and task the appropriate intelligence requirements. Once identified and tasked, these requirements focus the collection and analysis of operational and tactical intelligence as well. This interaction between the levels of intelligence will build the necessary ecosystem for intelligence operations.

Flow of Intelligence: An Ecosystem

Shaping Policy 2

Threat Intelligence is a learning ecosystem that cannot be purchased. Strategic, operational and tactical intelligence all play off each other to reduce risk associated with defined threats and enhance decision making at all levels. Strategy Shapes Policy and defines intelligence requirements that are prioritized to Drive Operations on a daily basis and Lead Response in the event of a breach or incident.

In the next part of this series, we will cover the second pillar of this ecosystem - Drive Operations - to see how intelligence can provide greater situational awareness in daily security operations.

Related Blogs

February 07, 2018

Intelligence Bulletin – When Cryptomining Attacks

Optiv has seen a continuation of attacks based off the usage of CryptoNight miner, in this case likely mining Monero cryptocurrency for the attackers....

See Details

December 13, 2017

Cyber Threat Intelligence Requires Commitment

It’s been said that in a breakfast of bacon and eggs, the chicken is involved but the pig is committed. This saying is relevant when implementing a cy...

See Details

July 17, 2014

Five Things to Consider for a Successful Intelligence Team - Part 1

I’ve had the opportunity to travel a bit and “evangelize” about Intelligence - what it is and the basic methodology surrounding it. The “Take Away” po...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


January 12, 2017

Information vs. Cyber Threat Intelligence

Cyber threat intelligence should always enable decision making and action, but what good is a cyber threat intelligence program if you take no action ...

See Details

October 06, 2017

Managed Security Services - Service Guide

Learn about our flexible and scalable services to improve your security capabilities.

See Details

August 24, 2017

Enterprise Incident Management Brief

Learn how Optiv’s workshop helps security leaders evolve their technical incident response practices to broad scope enterprise incident management.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.