Distinctions: Threat Information vs.Threat Intelligence
Finished Intelligence is the Output of Taking Threat Information, Evaluating it and Deriving a Business Benefit…
Industry Target – What specific organization(s) or group(s) is the actor going after?
• Technology Target – What technology (i.e. Adobe Flash, Internet Explorer, etc.) used by the organization(s) use that can be exploited by the actor to carry out an attack?
• Delivery Method – How did the actor deliver the payload to the target (i.e. spear-phishing, third party compromise, etc.)?
• Exploit Used – What specific exploit and/or known (or unknown for that matter) vulnerability was used by the actor?
• Presence Achieved – What level of presence (i.e. privileged accounts, database access, etc.) did that actor gain/use in order to carry out their attack?
• Effect/Harm Caused – What was the impact (i.e. stolen IP, service downtime, etc.) caused by the attack?
Full Article: Distinctions: Threat Information vs.Threat Intelligence – Adam Meyer – SurfWatch Labs