Last Updated: September 2022

Version 1.1

We recognize that numerous frameworks exist today that assist with varying degrees of implementing portions of a cybersecurity portfolio. However, there are no industry-backed open-source frameworks defining how cyber intelligence should work within a standard cybersecurity portfolio. CCI’s Cyber Intelligence Framework aims to fill this gap by pulling together industry expertise and portions of existing cybersecurity frameworks to establish a “go-to” resource for the Cyber Intelligence community. This framework aims to capture community-accepted standards and best practices that enable organizations to develop a cyber intelligence program that provides stakeholders with the necessary decision-making information they need at the tactical, operational, and strategic levels.

Currently, the CCI Cyber Intelligence Framework is intended to be a starting point for the cyber intelligence community to come together and establish a commonly understood model of how we should practice cyber intelligence. Ultimately, CCI aims to provide everything a security practitioner would need to build their program - everything from business requirements to reports that should be produced and more.

Formal documentation supporting the framework is scheduled to be published in early 2023.

Change Log - Prior Version 1.0

• Introduced Support for Security Orchestration, Automation, and Response

• Added Details to identify the relationship between a SIEM and the Cyber Intelligence Factory.

• Updated External Information Source Descriptions

Please provide your feedback on the Cyber Intelligence Framework using the form below. Thank you in advance for your support!