When I think of how I would begin to build a security program and integrating a cyber intelligence capability, I like to keep things very simple:
- What is the mission of the information security program?
- What is the core set of services that are required in a security program that will enable me to understand and improve my security posture?
- What has been defined as the most important to the least important system, application, and data?
- I want to know what good, bad, and ugly look like. How is risk defined in the organization?
- Who needs to talk to who in order to get things done?
- How do I need to share this information with those who need to know?