How Mature Is Your Threat Intelligence?

By   ISBuzz Team
Writer , Information Security Buzz | Mar 17, 2020 01:44 am PST

The not-for-profit accreditation and certification body for the technical security industry, has developed a new maturity assessment tool for Cyber Threat Intelligence (CTI) programmes. The licence-free tool will help organisations to predict, prepare for, detect and respond to potential attacks through more effective CTI programmes.

The new Cyber Threat Intelligence Maturity Assessment Tool provides continuous and effective analysis of a CTI programme in terms of people, processes and technology and supports the adoption of a systematic, structured approach to intelligence gathering. Development of the CREST tool was led by the CTIPs (CREST Threat Intelligence Professionals) group with support of its members, industry bodies and suppliers of expert technical security services. It is based on the 18 steps within the four-phase CTI capability programme presented in the CREST CTI Management Guide.

As different private and public sector organisations require different levels of CTI maturity, the CREST tool reviews maturity against actual requirements and compares it with other similar organisations. While organisations with a mature CTI programme may manage most of their operations in-house, those who are less mature may depend entirely on third parties.

A weighting factor can be set to give the results for particular steps more importance than others. The selected levels of maturity are displayed graphically for each of the four phases and overall, with calculations that take account of both the level of maturity selected for each step and the given weighting.

“For many companies and organisations, threat intelligence is a relatively new but increasingly essential tool in the battle against cybercrime,” said Ian Glover, president of CREST. “So, it is vital that those responsible for CTI programmes can measure the maturity and effectiveness of their programmes against standardised metrics relevant to both their business and the level of threat. By offering a free, easy to use tool, CREST is helping to raise awareness and remove barriers to improving the cyber security posture of any type or size of business or organisation. It has already been reviewed and is in process of being adopted by regulators across Europe as a way of obtaining key performance indicators for their regulated organisations.”

To download the Cyber Threat Intelligence Maturity Assessment Tool, go to:

Intermediate and summary versions of the tools will also be available later this year.