Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
Module 3 examines an organizational approach to CTI which can be characterized as its "perceptions" of CTI. It comes down to how an organization decides to act in light of the risk intel that is collected and presented on its behalf. This is referred to as risk analysis and at its core, is what keeps an organization healthy. Threats must first be defined and then examined both in isolation and together. Some real threats may not be relevant to an organization such as a virus targeting Mac in a Windows organization. There is both positive and negative risk. Positive risk is typically knowingly undertaken by an organization such as buying a smaller competitor. The potential for gain typically outweighs that for loss. Conversely, with negative risk such as with a vulnerability, sometimes the risk is also worth taking is the cost to mitigate it exceeds that value of the asset under threat. Risk can also be transferred via insurance or the outsourcing of securtiy. CTI is an investment and requires training, financial expenditure along with a multitude of decisions from undertaking automation to determining if an identified threat is actionable.