We’ve done a great series of posts explaining the cyber risk intelligence process. I wanted to take a moment and put it all together in summary form:

1. Take the time to identify your assets. The more you document, the better off you will be.
2. Create a list of scenarios — the things you absolutely cannot allow to happen.
3. Identify the actions an adversary would take as it moved towards executing an attack against you. We call this an indicator list.
4. Do all you can to understand what is going on in the external threat environment.
5. Match your feeds from the external threat environment against your internal list of assets.
6. Check the “matches” you observe against your indicator list. Monitor for “indicator progression”.
7. Warn your boss when the things when the evidence is beginning to mount — but when you still have time to mitigate.