# Threat Intelligence Lifecycle and Sources Backlink: [[Domain 1 - Index]] **Definition:** The cycle of directing, collecting, processing, analyzing, disseminating, and feeding back threat information to support decisions. ## Key Facts - Stages: Direction → Collection → Processing → Analysis → Dissemination → Feedback. - Sources: OSINT, ISAC/ISAO, commercial feeds, internal telemetry, law enforcement. - Tactical, operational, strategic intelligence levels; observe TLP. - Integrate with SIEM/SOAR and playbooks; measure value via dwell time. - **Verify:** check official (ISC)² CBK and current exam outline. >[!tip] **Exam Relevance** - Pick the right intel level for exec vs. SOC - Choose sources and handling practices >[!note] **Mnemonic** - “Dogs Chew, People Analyze, Deliver, Feedback.” ### Example Q: Execs want business impact trends. Intel level? A: Strategic. ## Revision Checklist - [ ] Name 6 lifecycle stages - [ ] Distinguish tactical vs. strategic intel - [ ] List 4 source types - [ ] Tie intel to playbooks/KRIs ## Related [[Threat Modeling (STRIDE, PASTA, Kill Chain)]] · [[Incident Response Lifecycle]] · [[Security Metrics, KPIs, and KRIs]] · [[Risk Management Process]] · [[Third-Party and Supplier Risk Management]] #cisSP #domain-1 #concept