Threat intelligence is evidence-based knowledge about existing or emerging threats — who the attackers are, what techniques they use, which industries they target, and what indicators signal their activity. Good threat intelligence is specific, timely, and actionable.
Threat intelligence comes from government advisories like CISA, commercial threat feeds, information sharing communities like ISACs, dark web monitoring, and an organization’s own incident history.
CISSP Relevance
Threat intelligence supports Domain 7 (Security Operations) and Domain 1 (Security and Risk Management). CISSP candidates must understand intelligence types, sharing frameworks like STIX/TAXII, and how threat intelligence feeds improve security program decision-making.
External reference: CISA Cyber Threats and Advisories
Related terms: Security Operations Center, Vulnerability Assessment