Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  4. Threat intelligence and threat assessment

Threat intelligence and threat assessment

Skill definition

Threat intelligence and threat assessment encompasses evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging concern or risk that has been aggregated, transformed, analysed, interpreted or enriched to provide the necessary context for decision-making processes. Principles of the skill include assessing and validating information from several sources on current and potential cyber and information security threats to the business, analysing trends and highlighting information security issues relevant to the organisation, including security analytics for big data; processing, collating and exploiting data, taking into account relevance and reliability to develop and maintain ‘situational awareness’; predicting and prioritising threats to an organisation and their methods of attack; analysing the significance and implication of processed intelligence to identify significant trends, potential threat agents and their capabilities, predicting and prioritising threats to an organisation and their methods of attack; using human factor analysis in the assessment of threats; using threat intelligence to develop attack trees; and preparing and disseminating intelligence reports, providing threat indicators and warnings.

Awareness

  • Understands and utilises basic threat principles and concepts

Working

  • Understands and can explain threat intelligence and threat assessment principles and concepts
  • Uses prescribed tools and techniques to acquire, validate and analyse threat information from multiple sources
  • Under direction enriches threat information by providing context, assessing possible implications and summarising the behaviour, capabilities and activities of threat actors
  • Uses approved techniques to model routine threats, under supervision, to identify common enterprise attack vector, identify critical organisational functions, and protect organisational assets and goals
  • Applies knowledge to prioritise remediation of identified vulnerabilities for a single asset or system

Practitioner

  • Has an advanced understanding of threat intelligence and threat assessment principles and concepts, and leads threat intelligence and assessment activities
  • Identifies sources of threat information and utilises a variety of techniques, without supervision, to acquire, validate and analyse threat information, enterprise attack vectors, and critical organisational functions from multiple sources. Synthesises and places intelligence in context
  • Applies expertise and insight to enrich threat information, including understanding the behaviour, capabilities and activities of threat actors and assessing possible implications, prioritising remediation of identified vulnerabilities for multiple systems
  • Disseminates enriched threat intelligence
  • Applies threat intelligence to model threats and protects organisational assets and goals, including informing the selection of security controls, developing indicators of compromise, detecting illicit behaviour (including evidence of fraud and crime), providing context for undertaking investigations and responding to events
  • Directs others in undertaking threat intelligence activities

Expert

  • Demonstrates a highly advanced understanding of threat principles and concepts. Identifies sources of threat information and selections and, where required, develops techniques to acquire, validate and analyse threat information from multiple sources
  • Synthesises and places complex intelligence in context, understanding relevance in the context of organisational strategy
  • Applies and directs others in application of expertise and insight to enrich threat information, including understanding the behaviour, capabilities and activities of threat actors and assessing possible implications
  • Is responsible for disseminating enriched threat intelligence
  • Directs and is responsible for the application of threat intelligence to model threats, including sophisticated and complex threats, to protect organisational assets and goals, including informing the selection of security controls, developing indicators of compromise, detecting illicit behaviour (including evidence of fraud and crime), and providing context for undertaking investigations and responding to events
  • Leads and oversees the threat intelligence function and activities for an organisation
  • Is responsible for strategy, policy, procedures, guidelines and selection of relevant tools and techniques within the organisation
  • Advises and influences senior management when required, and influences developments in the field at a national level

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now