Actionable intelligence is what we get when we start sorting through the data. This data is gathered on the guidance given from the commander for items that they need to make a decision. How does information go from data to actionable intelligence?

A common answer to this is the use of the Data, Information, Knowledge, and Wisdom pyramid also know as the DIKW pyramid:

This pyramid is a graphical representation of how data is transformed into wisdom:

• The Data and Information levels are located within the Information Management section because we will need to gather data based on the PIRs 
• This data needs to be managed so that we can filter out the unnecessary pieces to obtain information
• After all of the information has been analyzed, it can then be moved and maintained in the Knowledge Management section
• From all of the information that has been gathered, the intelligence that has been developed will support the commander in making a decision

How does this look in an information security organization?

• At the Data level, we will begin by gathering information from the security tools that we implement within the environment.
• At the Information level, we will filter out information based on our PIRs. Examples can be KPIs or pattern recognition from AI or machine learning tools.
• Once the information is filtered, we can move it through our risk analysis processes and weigh what our options are.
• We will then be able to present to our stakeholders with the information necessary to make a decision.