Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Risk Management

A Deep Dive Into Decision Advantage

Cyber Intelligence

Cyber Intelligence

The Most Effective Intelligence Programs Focus on Providing a Decision Advantage Over the Threats and Adversaries That Matter Most

The fundamental purpose of intelligence — regardless of where, when, or by whom it is consumed — is to provide a decision advantage. So, what exactly is decision advantage? And why does it matter? And, most importantly, how does it help an organization mitigate risk or make better decisions about risk? Here’s what you need to know: 

Decision advantage is what results when intelligence enables a decision-maker to better understand and address an issue. It requires:

1) Intelligence that is timely, accurate, and relevant to a given issue and;

2) At least one decision-maker who possesses the expertise and resources needed to evaluate and action the intelligence within the context of the issue.

For example, let’s say the issue is an unpatched vulnerability in a company’s network. Intelligence revealing this issue prompted the company’s security team to patch the vulnerability before any adversaries could exploit it. This intelligence-driven decision to patch the vulnerability put the security team in a more advantageous position than any adversaries who may have sought to exploit it, thereby enabling the security team to gain a decision advantage over the adversaries. 

Decision advantage reinforces that the value of intelligence lies not in the intelligence itself but in the decisions it shapes and drives. This principle is crucial because it enables us to:

● Distinguish true intelligence from data and information: As I’ve written previously, neither data nor information serve the same purpose as intelligence, yet both are often mistakenly labeled and marketed as such. When an organization believes the data or information it’s consuming are actually intelligence, it could end up making uninformed decisions with unintended consequences. The good news is that the basic principles of decision advantage can help us distinguish data or information from true intelligence. Start with questions like “why is this intelligence relevant to my organization?”, “Does this intelligence make me more informed of the issue?”, or “If unaddressed, how could this issue impact my organization?”. If you cannot confidently answer these or similar questions, the intelligence in question is likely just data or information and therefore likely insufficient to support decision-making.

Advertisement. Scroll to continue reading.

 ● More effectively measure the performance of an intelligence program: A common mistake among many intelligence programs is focusing on quantitative metrics rather than qualitative results that track how the entire business is better informed about the threats facing their organizations. While metrics such as the number of intelligence reports produced or indicators of compromise (IoCs) processed, for example, can provide useful insight into workflows and efficiency, they don’t tell us much about the extent to which the intelligence program is able to shape and drive decisions. The most effective intelligence programs, meanwhile, ensure their intelligence operations map directly to the decisions their stakeholders need to make. 

● Achieve better outcomes: One of the main reasons why decision-driven intelligence programs are often more successful is that they focus on delivering finished intelligence that map to the prioritized needs of the business. A widely consumable type of intelligence, finished intelligence is derived from relevant data that has been contextualized, deeply analyzed, and presented along with all requisite details needed to support decision-making and thus provide a decision advantage. Because finished intelligence tied to a stated business need is actionable in and of itself and doesn’t require its consumers to seek additional context or analysis before making a decision, effective decisions can often occur in less time, resulting in better outcomes. 

Although the concept of decision advantage may seem obvious, realizing it is not simple. A “checkbox” approach that continues to motivate many organizations may never really address the questions decision-makers need answered to give them a decision advantage. There’s no point in having an intelligence program unless you’re able to make better decisions. This is why the most effective intelligence programs focus on providing a decision advantage over the threats and adversaries that matter most to their organizations.   

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...