Abstract

The increasing militarization of the cyber-threat environment has driven considerable interest in understanding the role of cyber-threat intelligence (CTI) in supporting the enterprise. Despite CTI's value proposition to organizations, the rate of industry adoption has been low and localized within IT Operations. Our review of the research and practice literature on CTI shows that the discourse is heavily dominated by the technology perspective, leaving significant gaps in the knowledge of CTI. We begin with a background study that reinforces the traditional origins of CTI as a process derived from the Intelligence Cycle that is referenced and practiced in military intelligence studies. We describe the Intelligence Cycle and its phases and reinforce the characteristics and attributes of intelligence, asserting the critical importance of synthesizing information into intelligence.We subsequently develop a research agenda for practice researchers addressing the critical research question: “How can cyber-threat intelligence be operationalized in organizations?” We begin by exploring research questions to develop the theoretical foundations of CTI. Towards this objective, we present a useful template for process theory that generates practice outcomes. We then discuss methods suited to practice research in CTI before moving on to inquiries concerning the role and purpose of CTI in practice. We delve into questions on the broad aspects of practice at both the macro-level, focusing on the examination of CTI programs in organizations with different strategic risks, and the micro-level, exploring the distinctions between practice, praxis, and practitioners. Additionally, we explore questions on the role of artifacts, objects, and information systems that support CTI practice, including spaces and the role of practitioners and non-practitioners. After exploring various practice-related topics, we examine potential research opportunities pertaining to the prevailing narratives surrounding technology and information sharing, as identified in our literature review.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.