Source URL: https://blog.talosintelligence.com/maturing-the-cyber-threat-intelligence-program/
Source: Cisco Talos Blog
Title: Maturing the cyber threat intelligence program
Feedly Summary: The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making.
**Summary:** The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) offers a structured framework to help organizations enhance their threat intelligence programs through a comprehensive assessment of 11 key areas. It defines four maturity levels ranging from foundational to leading, facilitating continuous improvement and strategic decision-making in cybersecurity.
**Detailed Description:**
The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) is a vital framework designed for organizations to evaluate and advance their cyber threat intelligence (CTI) initiatives. Key points include:
– **Purpose and Framework:**
  – Provides a structured assessment of existing CTI capabilities.
  – Outlines 11 specific domains where CTI can enhance decision-making processes.
  – Encourages continuous improvement through a repeatable cycle model reminiscent of the “plan, do, check, act” management paradigm.
– **Maturity Levels:**
  – **CTI0 (Pre-Foundational):** No executed practices exist.
  – **CTI1 (Foundational):** Ad hoc practices focused on reactive actions.
  – **CTI2 (Advanced):** Planned activities with documented practices and metrics aimed at proactive threat intelligence.
  – **CTI3 (Leading):** Highly refined practices integrating prescriptive intelligence aligned with business objectives.
– **Domains of Improvement:**
  – **Asset, Change, and Configuration Management:** Enhance asset management and risk detection.
  – **Threat and Vulnerability Management:** Improve identification and mitigation of cybersecurity threats.
  – **Risk Management:** Boost decision-making related to cyber risk.
  – **Identity and Access Management:** Enhance management of identities and access controls.
  – **Situational Awareness:** Develop better understanding and response to threat landscapes.
  – **Event and Incident Response:** Strengthen responses to cybersecurity incidents.
  – **Third-Party Risk Management:** Manage risks associated with suppliers.
  – **Fraud and Abuse Management:** Protect against malicious attacks.
  – **Workforce Management:** Cultivate a strong cybersecurity culture.
  – **Cybersecurity Architecture:** Maintain and enhance cybersecurity structures.
  – **Cybersecurity Program Management:** Offer strategic governance for overall cybersecurity endeavors.
– **Practical Implications:**
  – Organizations should focus on developing CTI programs that are pragmatic and tailored to their unique environment and resource capabilities, rather than striving merely for high maturity scores.
  – The model acknowledges that raising maturity levels may require allocating resources effectively to meet actual user needs.
– **Historical Context:**
  – The model builds on previous capability maturity efforts, notably the Capability Maturity Model Integration (CMMI) and inputs from the Cybersecurity Capability Maturity Model (C2M2).
The CTI-CMM serves as a crucial tool for organizations to refine their cybersecurity strategies through a more structured and measurable approach, making it particularly insightful for security and compliance professionals looking to enhance their threat intelligence capabilities. As the cyber threat landscape evolves, leveraging the CTI-CMM can promote robust organizational responses and resilience against emerging threats.