3. Describe the threat intelligence lifecycle (AC 1.3)

The intelligence cycle is the process where threat information is first identified and collected, then analysed and developed into detailed plans. Planning and direction In this step cybersecurity professionals figure out what kind of intelligence is needed to prevent and respond to potential attacks. Collection This involves gathering information on current or upcoming threats from a variety of intelligence sources. Processing Raw data is processed into a more usable format for analysis such as sorting through spreadsheets, decrypting files and assessing the data for its relevance and trustworthiness. Analysis The data is analysed using various tools and techniques to check if the organisation's systems have been compromised. Dissemination A detailed threat intelligence report is created and sent to the relevant decision makers, who will decide on the next steps. Feedback Once the report is reviewed, the decision makers evaluate whether it addresses the issues and determine what actions need to be taken next.