CAPABILITY MATURITY FOR CYBER THREAT INTELLIGENCE (CM-CTI) MODEL
The Capability Maturity for Cyber Threat Intelligence (CM-CTI) model is a framework for assessing how developed a CTI team is.
It was inspired by the Capability Maturity Model Integration (CMMI):
“A process level improvement training and appraisal program administered by the CMMI Institute, a subsidiary of ISACA. It was developed at Carnegie Mellon University (CMU) and is required by many US Government contracts, especially in software development. CMMI is used to guide process improvement across projects, divisions, or entire organizations (mainly in software development).”
When I reflected on my past experiences working on and with different CTI teams, I could definitely see how it correlates with my own career progression and the capabilities of the teams I’ve seen at different stages of their journey.
So with a few tweaks and additions, and in conjunction with the different phases of the Intelligence Cycle, I adapted this model to represent the different stages a CTI team may go through in their development.
I want to note that this model reflects my own opinions based on personal experience and is in no way comprehensive. And it is more than likely that a team exhibits qualities from multiple levels at once rather than fitting cleanly into one level.
The intent was to structure some of the common themes we see in CTI and hopefully give some ideas for how teams can mature their own practices in a systemic way. Or at the very least get a laugh out of it.
