Collaboration at the Operational Level

Once PIRs are delivered from the strategic and tactical layers, they should be divided and delivered to the teams.

Examples:

  • Business division IT—business unit IT
  • Regional IT—country IT
  • Security Operations Center—incident response/blue team

Depending on the type of information that is collected, these teams may or may not know the overall intent of the information that is being gathered, but it is important that the teams understand (to the extent that they are allowed) the what and the why of gathering it.

Here are the steps for operational cyber intelligence collaboration:

  1. High-level support for a cyber intelligence capability and collaboration is defined and communicated to the organization
  2. Collaboration methods must exist and procedures must be documented
  3. Prioritization of information collection requirements from tactical leadership
  4. Means to deliver information feeds to the intelligence processes
  5. Ability to process information and produce internal dashboards that enable decision making

Here is an example of a tactical cyber intelligence dashboard that would be useful to the following operational teams:

  • Information systems management 
  • Application management team
  • Change management
  • Vulnerability management
  • Incident response

The preceding example shows a dashboard that can be developed to help the teams understand how their daily operations impact what is displayed:

  • By displaying the critical application risk status, teams in this business unit will see how their efforts are impacting the risk of the organization
  • By displaying the operating systems compliance status, teams will see how well their systems are configured against organizational standards
  • By displaying remediation metrics, teams will see how many change requests there have been
  • By displaying threat intelligence, teams will understand that the information provided in this section is applicable to them

Whatever is displayed on the dashboard, the preceding is just an example of what could be delivered to our teams to give them awareness of the processes, so that they can be proactive in addressing their portion of each process.
