Cyber-threat intelligence for security decision-making: A review and research agenda for practice

The increasing militarization of the cyber-threat environment has driven considerable interest in understanding the role of cyber-threat intelligence (CTI) in supporting the enterprise. Despite CTI's value proposition to organizations, the rate of industry adoption has been low and localized within IT Operations. Our review of the research and practice literature on CTI shows that the discourse is heavily dominated by the technology perspective, leaving significant gaps in the knowledge of CTI. We begin with a background study that reinforces the traditional origins of CTI as a process derived from the Intelligence Cycle that is referenced and practiced in military intelligence studies. We describe the Intelligence Cycle and its phases and reinforce the characteristics and attributes of intelligence, asserting the critical importance of synthesizing information into intelligence.