Cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace Cyber threat intelligence sources include open-source intelligence, social media intelligence, human intelligence, technical intelligence, or intelligence from the deep and dark web.

Cyber threat intelligence provides a number of benefits, including:

• Empowers organizations to develop a proactive cybersecurity posture and to bolster overall risk management policies.

• Drives momentum toward a cybersecurity posture that is predictive, not just reactive.

• Enables improved detection of threats.

• Informs better decision-making during and following the detection of a cyber intrusion.

Cyber threat data or information with the following key elements are considered as cyber threat intelligence:

• Evidence-based: cyber threat evidence may be obtained from malware analysis to be sure the threat is valid.

• Utility: there needs to have some utility for the organization to have a positive impact on security incidents.

• Actionable: the gained cyber threat intelligence should drive security control action, not only data or information.