Building a cyber intelligence capability is no small feat and every organization is different. As discussed in earlier chapters, there needs to be a means to collect, analyze, and disseminate information to specific stakeholders. The question is where do we begin? 

A Capability Maturity Model (CMM) is used to show the different levels of how well the organizational practices, behaviors, and processes can produce required outcomes. 

Here is an example of how we can begin developing the cyber intelligence capability using the Center for Internet Security top 20 critical security controls as a baseline:

From this point, we can ask these questions to frame the business need:

• Do we have the capability of doing this?
• Why is this important?
• What are our challenges?
• Who are our stakeholders and how will we communicate?
• When do we need this?