* Tap into All Domains: Depending on your organization's industry, mission, structure and culture, you will need multiple domains/dimensions of threat intelligence to meet stakeholder needs. This means not only sharing actionable intelligence across domains, but also having multiple sources of threat intelligence, or a rating system to score various intelligence sources. Taking action based on bad intelligence could be worse than taking no action.
* Set the Right GovernanceModels: Relatedly, a prohibition on certain actions based on a sole source of intelligence is warranted. Having these policies in place prior to an incident will help guide operations when an organization is under stress. Not all feeds are created equal. Open-source feeds, consolidated feeds and premium feeds should be evaluated against your organization's mission and scored based on reliability, asset value and overall cost of ownership (subscriptions, platforms, bandwidth, etc.).
In the end, threat intelligence sharing is one of the best ways to ensure your organization can react quicker and make better decisions faster, in response to today's rapidly changing threat landscape. Don't wait for a top-down mandate or compelling event to get started break down the walls and create the internal efficiencies you need to get the most out of this valuable resource.
Sign up for CIO Asia eNewsletters.