Completeness means that each piece of intelligence provides a complete picture of the threat, including the actors, methods and systems involved, said Callie Guenther, senior manager of cyber threat research for Critical Start. At that point, accuracy is perhaps one of the most important quality factors that will make or break the value of a source. “The reliability and credibility of the source is very important,” he said. “Inaccurate intelligence can result in false positives, wasted resources, and exposure to unaddressed threats.”
Appropriateness means that intelligence is relevant to the organizations industry, technology stack, and location. And timeliness is about making sure that the intelligence is there enough to make a difference in how the organization will perform. Obviously, intelligence sources will often have to strike a balance between timeliness and accuracy as threat research unfolds.
Finally, Guenther will add another ‘A’ to the mix to make it CAART: performance. “Intelligence should be detailed and clear enough to drive security actions, such as modifying security devices, updating policies, or patching vulnerabilities,” he says.
Source link