Glossary

Intelligence Cycle

The systematic process through which raw threat data is collected, analyzed, and disseminated as actionable intelligence.

Definition

The Intelligence Cycle is the structured process that transforms raw threat data into actionable intelligence that decision-makers can use.

The Six Phases

1. Direction & Planning

  • Define intelligence requirements
  • Identify what intelligence is needed
  • Prioritize information gathering
  • Allocate resources

Questions:

  • What threats matter most to our organization?
  • What information do we need to make better decisions?
  • What sources are most reliable?

2. Collection

  • Gather data from multiple sources
  • OSINT (Open Source Intelligence) – publicly available information
  • Commercial feeds – paid threat intelligence providers
  • Government sources – CISA, sector ISACs
  • Internal sources – your own logs and monitoring

Sources:

  • Dark web monitoring
  • Technical feeds (CVEs, malware samples)
  • News and geopolitical analysis
  • Academic research
  • Vendor advisories

3. Processing

  • Organize and structure raw data
  • Deduplicate information
  • Normalize formats
  • Catalog sources and confidence levels
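
An added example (not part of the original glossary entry) of what the Processing phase can look like for network indicators: records from differently shaped feeds are normalized to one canonical form, deduplicated, and cataloged with their sources and a confidence value. The feed names, field names, the label-to-score mapping, and the rule of keeping the highest reported confidence are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample records; feed names, field names and values are illustrative.
RAW = [
    {"feed": "osint-blog", "indicator": "hxxp://CDN.Example[.]com/login", "conf": "low"},
    {"feed": "commercial-a", "ioc": "cdn.example.com", "score": 85},
    {"feed": "internal-proxy", "dest": "CDN.EXAMPLE.COM.", "score": 60},
    {"feed": "commercial-a", "ioc": "198.51.100.7:443", "score": 70},
    {"feed": "internal-fw", "dest": "198.51.100.7", "conf": "high"},
    {"feed": "osint-blog", "indicator": "not an indicator", "conf": "low"},
]
LABELS = {"low": 25, "medium": 50, "high": 90}  # assumed mapping to a 0-100 scale

def normalize(raw_value):
    """Return (type, canonical value), or None if the value is unusable."""
    v = raw_value.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    v = re.sub(r"^[a-z]+://", "", v).split("/")[0]           # drop scheme and path
    host = v.rsplit(":", 1)[0] if v.count(":") == 1 else v   # drop a trailing port
    host = host.rstrip(".")                                  # drop DNS root dot
    try:
        return ("ip", str(ipaddress.ip_address(host)))
    except ValueError:
        pass
    if re.fullmatch(r"([a-z0-9-]+\.)+[a-z]{2,}", host):
        return ("domain", host)
    return None

def process(records):
    """Normalize, deduplicate, and catalog sources and confidence per indicator."""
    catalog, rejected = {}, []
    for rec in records:
        value = rec.get("indicator") or rec.get("ioc") or rec.get("dest")
        key = normalize(value or "")
        if key is None:
            rejected.append(rec)   # kept for review rather than silently dropped
            continue
        conf = rec["score"] if "score" in rec else LABELS[rec["conf"]]
        entry = catalog.setdefault(key, {"sources": set(), "confidence": 0})
        entry["sources"].add(rec["feed"])
        # Assumption: keep the highest confidence any source reported.
        entry["confidence"] = max(entry["confidence"], conf)
    return catalog, rejected

if __name__ == "__main__":
    catalog, rejected = process(RAW)
    for (kind, value), meta in sorted(catalog.items()):
        print(kind, value, sorted(meta["sources"]), meta["confidence"])
    print("rejected:", len(rejected))
```

Six raw records collapse to two cataloged indicators plus one rejected record, and each surviving entry lists every feed that reported it for the Analysis phase to weigh.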

4. Analysis

  • Synthesize data into intelligence
  • Assess accuracy and credibility
  • Add context and interpretation
  • Correlate different data points

Analytical approaches:

  • Threat actor profiling
  • Vulnerability impact assessment
  • Geopolitical risk analysis
  • Trend identification

5. Dissemination

  • Deliver intelligence to stakeholders
  • Tailor for different audiences (executives, analysts, operators)
  • Choose appropriate formats (briefings, reports, alerts)
  • Ensure timely delivery

Audiences:

  • Executive leadership (strategic intelligence)
  • Security operations (tactical intelligence)
  • Incident response teams (operational intelligence)
  • Development teams (vulnerability intelligence)

6. Feedback

  • Collect feedback from intelligence consumers
  • Identify gaps or inaccuracies
  • Adjust future intelligence gathering
  • Continuously refine the cycle

Why the Cycle Matters

Organizations without the intelligence cycle:

  • Collect data randomly
  • Struggle to prioritize threats
  • Deliver intelligence too late or in the wrong format
  • Repeat mistakes

Organizations with a structured cycle:

  • Know exactly what intelligence is needed
  • Gather efficiently
  • Deliver actionable intelligence
  • Continuously improve

Duration

The intelligence cycle is continuous. It’s not a linear process with an ending; instead, feedback loops back to planning as the threat landscape changes.

A single cycle might take 1-7 days depending on intelligence type and urgency:

  • Breaking threat: 1-2 hours
  • Tactical intelligence: 1-3 days
  • Strategic intelligence: 1-2 weeks
