Articles | Open Access | https://doi.org/10.55640/

INTEGRATING CYBER THREAT INTELLIGENCE WITHIN COMMERCIAL ENTERPRISES: A STRATEGIC FRAMEWORK FOR ENHANCED SECURITY POSTURE

Abstract

Commercial organizations face an increasingly sophisticated and persistent cyber threat landscape, characterized by advanced persistent threats (APTs) and rapidly evolving attack methodologies. Traditional reactive cybersecurity measures, while necessary, are often insufficient against these dynamic challenges. Cyber Threat Intelligence (CTI) offers a proactive approach by providing actionable insights into adversaries, their motivations, capabilities, and tactics, techniques, and procedures (TTPs). This article proposes a strategic framework for the effective adoption and integration of CTI within commercial enterprises, structured around the IMRaD format. It examines the multifaceted nature of CTI, its lifecycle, and the critical organizational, technological, and cultural factors influencing its successful implementation. By detailing methodologies for acquiring, analyzing, and operationalizing CTI, this paper highlights its potential to significantly enhance an organization's security posture, improve incident response capabilities, and foster a more intelligence-driven defense. The discussion emphasizes the need for a holistic, adaptive approach to CTI, acknowledging both its transformative potential and the challenges in its full realization within existing organizational structures.

Keywords

Cyber threat intelligence (CTI), enterprise cybersecurity, security posture, threat mitigation

How to Cite

INTEGRATING CYBER THREAT INTELLIGENCE WITHIN COMMERCIAL ENTERPRISES: A STRATEGIC FRAMEWORK FOR ENHANCED SECURITY POSTURE. (2024). International Journal of Cyber Threat Intelligence and Secure Networking, 1(01), 6-13. https://doi.org/10.55640/