The new maturity model bridges the gap between CTI programs and organizational objectives to ensure the maximum value is derived from these investments and initiatives.
“Unlocking the full potential of your CTI program requires alignment with the capabilities of each stakeholder it supports, and a tangible measurement of success synchronized with organizational priorities,” said Michael DeBolt, Chief Intelligence Officer at Intel 471. “The CTI Capability Maturity Model (CTI-CMM) is designed to support CTI teams in building their capabilities by aligning to defined practices for stakeholder business domains unique to each organization. The Model establishes shared values and principles across the industry to empower organizations to take a holistic approach to cyber threat intelligence with stakeholders in mind.”
“Advising numerous clients globally, I have observed a consistent need for an outcome-focused model for cyber intelligence programs. The CTI-CMM bridges the gap to help CTI programs create impactful and demonstrable value for their organization,” said Colin Connor, CTI Services Manager at IBM X-Force.
The all-volunteer team behind the CTI-CMM comprises professionals representing a wide range of sectors, geographic regions, backgrounds and experiences, including leaders from Intel 471, IBM, Kroger, Venation, Mandiant, IntL8, Regfast, Trellix, Autodesk, Centre for Cybersecurity Belgium (CCB), Northwave Cyber Security, Workday, Marsh McLennan, Signify, Tidal Cyber, DeepSeas, BP, Gojek, SAND and many more. These individuals created the CTI-CMM to elevate cyber threat intelligence across the industry through knowledge and experiences. Together, they defined the following values and principles to support the CTI community moving forward:
Shared Values
- Intelligence provides value through collaboration with our stakeholders and supporting their decision-making process.
- Intelligence is never completed. Improvement is continuous. This also applies to adoption. Constant improvement is crucial for success and for distinguishing the model from others that failed to keep up with the times.
- Intelligence is not proprietary, nor is it prescriptive. Therefore, the model should never be claimed by a single commercial party.
Shared Principles
- Contextualizing threat intelligence within risk
- Continuous self-assessment and improvement
- Actionable intelligence based on stakeholder needs
- Quantitative and qualitative measurement of intelligence
- Collaborative and iterative intelligence processes
The team designed the CTI-CMM to align with industry best practices and with the concepts and format of a recognized cybersecurity maturity model, the Cybersecurity Capability Maturity Model (C2M2). Similar to the C2M2, the CTI-CMM is organized into ten domains. Each domain includes a “Domain Purpose,” followed by a “CTI Mission” description of how the CTI function supports it, and consists of the CTI Use Cases and CTI Data Sources.