In this publication, we propose that threat intelligence analysts tend to shy away from utilizing language that enables the generation of a quantifiable assessment, based on professional observations. While quantifiable, “matter of fact” statements are digested quickly and confidently into decision-making processes, we believe that analysts’ apprehensive nature to using this type of language results from fearing being wrong. For example, an analyst may fear being responsible for a negative outcome of a decision that is made based upon the information contained within a provided assessment/intelligence product.

Day to day, business leaders must navigate various risks, of which security is just one sector that feeds into their decision-making process. These decision-makers seek high quality “bottom line up front” intelligence products to inform their risk-based decisions. As intelligence professionals, we must deliver on this expectation, leaving little to no room for consumer questions. The easier it is for a threat intelligence analyst to convey their message and align their language with a commonly used lexicon, the more effective they will be at their jobs.

This analytical reference seeks to accomplish:

• Establish the case for adding quantitative language and confidence measures to analytical statements.

• Establish a working standard for Words of Estimative Probability for the Cyber Intelligence industry.

You can download and read the full publication for free here.