When I think of how I would begin to build a security program and integrating a cyber intelligence capability, I like to keep things very simple:

1. What is the mission of the information security program?
2. What is the core set of services that are required in a security program that will enable me to understand and improve my security posture?
3. What has been defined as the most important to the least important system, application, and data?
4. I want to know what good, bad, and ugly look like. How is risk defined in the organization?
5. Who needs to talk to who in order to get things done?
6. How do I need to share this information with those who need to know?