Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released
A partnership of 28 industry leaders serving public and private organizations across the vendor and consumer community volunteered their time, effort, and experience to launch the first version of the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), designed as the first-of-its-kind vendor agnostic and universally applicable resource to support organizations of all shapes and sizes across the CTI industry.
“Advising numerous clients globally, I have observed a consistent need for an outcome-focused model for cyber intelligence programs. The CTI-CMM bridges the gap to help CTI programs create impactful and demonstrable value for their organization,” said Colin Connor, CTI Services Manager at IBM X-Force.
The all-volunteer team behind the CTI-CMM is a powerhouse of professionals representing various sectors, geographic regions, backgrounds and experiences. These leaders from Intel 471, IBM, Kroger, Venation, Mandiant, IntL8, Regfast, Trellix, Autodesk, Centre for Cybersecurity Belgium (CCB), Northwave Cyber Security, Workday, Marsh McLennan, Signify, Tidal Cyber, and many more, have come together to elevate cyber threat intelligence across the industry through their collective knowledge and experiences. Their diverse expertise ensures the credibility and robustness of the CTI-CMM. Together, they defined the following values and principles to support the CTI community moving forward:
- Intelligence provides value through collaboration with our stakeholders and supporting their decision-making process.
- Intelligence is never completed. Improvement is continuous. This also applies to adoption. Constant improvement is crucial for success and distinguishing from other models that failed to keep up with the time.
- Intelligence is not proprietary, nor is it prescriptive. Therefore, the model should never be claimed by a single commercial party.
Shared Principles
- Contextualizing threat intelligence within risk
- Continuous self-assessment and improvement
- Actionable intelligence based on stakeholder needs
- Quantitative and qualitative measurement of intelligence
- Collaborative and iterative intelligence processes
This team decided to design the CTI-CMM to align with industry best practices and the concepts and format of a recognized cybersecurity maturity model, the Cybersecurity Capability Maturity Model (C2M2). Similar to the C2M2, the CTI-CMM is organized into ten domains. Each domain includes a “Domain Purpose” followed by a “CTI Mission” description describing how the CTI function supports it and consists of the CTI Use Cases and CTI Data Sources.
CTI-CMM is available for download here.