Security Intelligence at Strategic, Operational and Tactical Levels (2024)

Table of Contents
Applying the Military’s Intelligence Framework to Incident Response Strategic Cyber Intelligence Operational Cyber Intelligence Tactical Cyber Intelligence Security Intelligence Drives Better Decisions Strategic Decisions Operational Decisions Tactical Decisions A Virtuous Cycle FAQs

Cyber intelligence comes in many forms. Some is urgent, some merely informative; some is highly technical, while some is broad and generic. But all of it seems to be coming at a faster and faster rate. The challenge is to determine how to get the right security intelligence to the right decision-maker in the right way.

Security professionals can learn a lot from the way the U.S. Department of Defense (DoD) approaches intelligence. Years ago, the agency was absolutely overwhelmed with information on adversary activities and had to establish frameworks for dealing with the data. As a result, the military now considers intelligence at three levels: strategic, operational and tactical.

Strategic intelligence informs the most senior decision-makers, operational intelligence is aimed at those making day-to-day decisions and tactical intelligence is focused on units in need of instantaneous information.

Applying the Military’s Intelligence Framework to Incident Response

Using this framework, it is easier to architect solutions and to help all parties involved understand their role in delivering information efficiently and effectively. Let’s take a look at how this approach can apply to businesses developing cyber intelligence capabilities.

Strategic Cyber Intelligence

Strategic cyber intelligence is analysis and information that can help organizations understand the type of threat they are defending against; the motivation and capability of the threat actor; and the potential impacts thereof. This information enables security teams to plan for the resources they’ll need to protect against and mitigate current and future threats.

The data at this level should be evidence-based but can also include informed projections, including what the adversaries might do once your defenses are in place. A briefing provided to a corporate board or C-suite executive is an example of strategic cyber intelligence.

See Also
What is Decision Intelligence? - Diwo15 Real World Business Intelligence Examples7 Big Data Benefits That Can Help Improve Decision MakingWhat are some common functions of business intelligence technologies?

Operational Cyber Intelligence

Operational cyber intelligence is data that can inform day-to-day decision-making, resource allocation and task prioritization. It includes trend analysis, showing the technical direction of threat actors; indications that an adversary has selected a particular target; and revelations of malicious tactics, techniques and procedures. It can also be useful in identifying threats against your network.

Examples of operational cyber intelligence include information feeds from an information sharing and analysis center (ISAC) and alerts from the Department of Homeland Security (DHS) about a new threat trend.

Tactical Cyber Intelligence

Tactical cyber intelligence is information from direct adversary action inside your systems or from other sources that have the potential to immediately influence your tactical decisions. This data is typically derived from real-time monitoring of systems. Examples include feeds from intelligence providers that reveal which domains have been taken over by adversaries spreading malicious code, and insights from internal monitoring devices showing that a system in the company has been infected with a virus.

Security Intelligence Drives Better Decisions

Information on the threat informs different decisions at different levels. Ensuring that you have the right information at each level can significantly improve your ability to defend your organization. The conclusions drawn by intelligence analysis vary by situation, but below are some key use cases as food for thought.

Strategic Decisions

Strategic threat intelligence can be critically important to building support for the resources you will need to construct a strong defense. Strategic intelligence often comes in the form of threat briefings tailored to your industry or organization. After receiving a threat brief, you may decide to change the way you track cyberthreats as a risk or request reprioritization of your current IT spend to enhance security. You may even build a case for new cybersecurity funding.

You can also use strategic intelligence to advocate for stronger coordination and collaboration with other organizations. Enhanced strategic cyber intelligence can help you structure your internal organization and bolster your incident response capabilities. It can also help your organization understand the degree of agility required to build defenses against fast-moving adversaries.

You should use strategic information to plan training programs for your cybersecurity and IT staff, as well as executives who will need to respond to ongoing operational situations. Strategic decisions include prioritization of system control efforts — for example, prioritizing controls based on International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST) or similar standards.

In most cases, good strategic intelligence will motivate enterprises to rethink processes — including both nontechnical processes, such as audit, and technical processes, such as configuration management — to reduce IT errors.

Operational Decisions

Operational decisions made by security professionals, IT teams and even executives are better informed with a knowledge of which tools adversaries are using, which vulnerabilities they are exploiting and what techniques other defenders are using to successfully mitigate the threat. This will enable decision-makers to better prioritize daily work schedules, build security teams and collaborate with outside departments and business leaders. Other operational decisions include the policies you put into your IT systems to automatically respond to tactical threats.

Tactical Decisions

Tactical intelligence can lead to conclusions about what adversaries want, which can help you make rapid decisions on what to block, what to allow and, at times, what to shut down. Unfortunately, lack of tactical intelligence often leads to businesses making the wrong decisions, resulting in adversaries either getting all the information they want or forcing key services to be taken offline.

Better tactical intelligence can ensure that decisions are optimized. Increasingly, organizations are putting policies in place to enable automated responses. This is a great use of tactical intelligence, but this approach is only effective when both good strategic and operational intelligence are also optimized. All three levels must come together to enable organizations to operate at network speed.

A Virtuous Cycle

By optimizing intelligence at each of these levels, organizations can improve the quality of their decisions significantly. This can become a particularly virtuous cycle, since using good intelligence will motivate more tasking, which, in turn, improves an organization’s security posture and its ability to enhance threat modeling with predictive cyber intelligence.

Incident Response (IR)|Information Sharing|Security Intelligence|Threat Detection|Threat Intelligence|Threat Sharing

Bob Gourley

Security Intelligence at Strategic, Operational and Tactical Levels (2024)

FAQs

What are the tactical operational and strategic levels intelligence? ›

Tactical threat intelligence

It has a shorter lifespan than strategic threat intel, which is meant to detect long term trends, but is less reactionary than operational threat intelligence, which helps teams defend against threats during time-sensitive active attacks.

Find Out More
What are the levels of intelligence in security? ›

Intelligence is conducted on three levels: strategic (sometimes called national), tactical, and counterintelligence.

Read More
What is the difference between strategic intelligence and tactical intelligence? ›

Tactical intelligence, sometimes called operational or combat intelligence, is information required by military field commanders. Because of the enormous… Strategic intelligence is information that is needed to formulate policy and military plans at the international and national policy levels.

See More
What are the three operational levels of cyber intelligence? ›

understanding the elements and value of cyber intelligence at all three levels (strategic, operational, and tactical) and integrating that understanding into the fabric of an organization's operations is not a panacea for preventing cyber threats.

View More
What are the three levels of strategic tactical and operational? ›

Each of these levels of management has different responsibilities and objectives, but all work together to achieve overall business goals. The strategic manager defines the overall strategy and important decisions, the tactical manager implements it and the operational manager manages day-to-day activities.

Show Me More
What are strategic tactical and operational level decisions? ›

Strategic decisions are decisions keeping in mind the long-term goals, Tactical decisions have a short-term to medium-term impact and Operational decision making typically involves a younger creative mindset. Operational decisions particularly impact your day-to-day generic and repetitive tasks.

Continue Reading
What is your understanding on security intelligence and operations? ›

Security intelligence refers to the practice of collecting, standardizing and analyzing data that is generated by networks, applications, and other IT infrastructure in real-time, and the use of that information to assess and improve an organization's security posture.

Find Out More
What is the highest level of intelligence? ›

Theoretically, there's no upper limit to an IQ score. Who has the honor of the highest score isn't entirely clear. Though there are many claims of super-high IQs, documentation is hard to come by. The fact that IQ tests have changed quite a bit over the years makes it difficult to compare results from different eras.

Show Me More
What are the top three types of intelligence? ›

Figure 7.12 Sternberg's theory identifies three types of intelligence: practical, creative, and analytical.

Get More Info
What does intelligence at the tactical level provide? ›

At the tactical level, OSINT offers ground force commanders near-real-time information critical to decision-making. Social media especially provides analysts the opportunity to rapidly collect, monitor, and assess events within a commander's area of operations.

Tell Me More

What is the difference between tactical and operational intelligence? ›

Operational threat intelligence is even more specific than tactical intelligence, as it focuses on delivering actionable information about an identified attack in progress against the organization.

Learn More Now
What is the difference between strategic and tactical security? ›

Proactive and Reactive: Tactical SIEM focuses on immediate response, while strategic SIEM proactively identifies risks. Together, they create a robust risk management system.

Learn More Now
What are the 3 C's of cyber security? ›

The 3Cs of Best Security: Comprehensive, Consolidated, and Collaborative. Cybercriminals are constantly finding new ways to exploit governments, major corporations and small to medium sized businesses.

Get More Info
Who is the target audience for tactical intelligence? ›

Tactical Threat Intelligence is one of the most useful sources of intelligence for securing an organisation. Tactical Threat Intelligence tries to link an attacker's attack strategy to detection and mitigation measures. It is used by administrators, security operations managers, and network operations centre workers.

Find Out More
What is the operational level of intelligence? ›

Operational intelligence is real time, or near real-time intelligence, often derived from technical means, and delivered to ground troops engaged in activity against the adversary.

Find Out More
What are the levels of tactical strategic? ›

Tactical refers to units, equipment or concepts at the lowest level. Individual men, units up to several hundred men, etc. Strategic refers to units, equipment and concepts at the very highest level. Whole armies, the national war effort, etc.

Know More
What is strategic and operational level? ›

Strategic management focuses on the future of the company, expanding a business plan to last for three to five years. Operational management, however, focuses on more short-term ideas and implementation tactics. Leaders using operational management may create plans that consider up to a year in the company's future.

Discover More
What are the level of strategic operations? ›

These three levels are: Corporate-level strategy, Business-level strategy and Functional-level strategy.

Get More Info
Top Articles
Occupancy Status, Count, and Rate
Mile High Clubbin': What Really Happens on NBA Team Flights
Transaction Failed Mercari
Arizona Tile Locations
Honoring Health Newsletter—Summer 2024 | DPCPSI
HonorHealth | Medical Staff Update
Gem City Surgeons Miami Valley South
‘Star Wars’: 20 Memorable Quotes From the Iconic Films
| Health Services for Children with Special Needs, Inc. (HSCSN)
Walmart hiring (USA) Staff Pharmacist in Lynchburg, Virginia, United States | LinkedIn
What Is a Toll-Free Number & How Do You Get One? - OpenPhone
Toll-Free Number: What does it mean? & How Does it Work?
Latest Posts
Elon Musk, Movie Star: How Netflix’s ‘Return to Space’ Captures a New Era of Cameras in Low-Earth Orbit
Money & Pay
Article information

Author: Virgilio Hermann JD

Last Updated:

Views: 6252

Rating: 4 / 5 (61 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Virgilio Hermann JD

Birthday: 1997-12-21

Address: 6946 Schoen Cove, Sipesshire, MO 55944

Phone: +3763365785260

Job: Accounting Engineer

Hobby: Web surfing, Rafting, Dowsing, Stand-up comedy, Ghost hunting, Swimming, Amateur radio

Introduction: My name is Virgilio Hermann JD, I am a fine, gifted, beautiful, encouraging, kind, talented, zealous person who loves writing and wants to share my knowledge and understanding with you.