Over the last ten years, many threat intelligence analysis models have been created. Many of these have changed and evolved to meet the challenges threat hunters have faced when trying to discover and assign attribution and to figure out the tactics, techniques and procedures of attackers. However, most of these models are built for the threat analyst acting in isolation from the rest of the security team. In other words, these models have not evolved to include producing operational threat intelligence to be consumed by security operations teams.
This white paper discusses a new threat intelligence model, the Security Incident Response Matrix (SIRM), that can serve as a guide for creating organizational threat intelligence that is not only strategic and technical but also tactical and operational. This makes it useful for enabling the intelligence-driven security operations center and better suited for organizational risk reduction.