Learn how our analysts' keen insights and Deep & Dark Web discoveries produce Business Risk Intelligence (BRI) to empower organizations to make informed decisions.

Blog > BRI > The Intelligence Cycle and Services: A Methodology Traversing The Enterprise

The Intelligence Cycle and Services: A Methodology Traversing The Enterprise


Across the enterprise, intelligence programs supporting both cyber and physical domains continue to emerge and mature more quickly and more frequently. Unfortunately, many of these programs lack the methodology, capabilities, and strategic guidance necessary for optimizing the accuracy, efficiency, and value of their intelligence. While few organizations tend to apply and integrate such intelligence in a manner that serves all business functions across the enterprise, even fewer have established the workflow integration of principles required to support the methodological production of intelligence — well known in our industry as the intelligence cycle.

The critical yet oft-misunderstood nature of the intelligence cycle is one such factor behind Flashpoint Advisory Services, a new offering which aims to help customers mature their intelligence operations and enhance their capabilities so they can protect their organizations and mitigate risk as efficiently and effectively as possible.

At Flashpoint, although our delivery of Business Risk Intelligence (BRI) seeks to enable security, intelligence, and risk teams to thwart or remediate attacks more effectively, we recognize that many organizations still require additional support to achieve these outcomes. And often, this additional support pertains to the intelligence cycle.

In order to complement our new offering and provide additional visibility into some of the fundamental aspects, frequently asked questions, and common challenges many organizations face when initiating and developing intelligence programs, we are introducing this multi-part blog series. This post, the first installment in the series, goes back to basics to review the fundamental components of all effective intelligence programs: intelligence and the intelligence cycle.

What is Intelligence?

Regardless of an organization’s size, industry vertical, or capability, attaining a clear understanding of the definition and purpose of intelligence is not only integral to the intelligence cycle, it remains the first step in establishing an effective, scalable intelligence program.

To start, all intelligence begins as raw data collected from any source deemed relevant. When we apply meaning and context to the data, it then matures into information. But before we can transform this information into intelligence, we must formulate the questions we would like the intelligence to answer and the purpose we would like the answer to serve. Only when we have established these parameters does the information become intelligence.

The purpose of intelligence is to equip its recipient with the timely, accurate knowledge necessary in order to make decisions or take action. It’s important to emphasize that although much of the intelligence produced and consumed by today’s organizations is derived from the cyber domain — particularly the Deep & Dark Web — intelligence can be consumed by and deliver value across the enterprise, not just to business functions rooted in cybersecurity. While cybersecurity teams have traditionally been the most involved in and affected by intelligence produced by data from the Deep & Dark Web, intelligence that has been properly analyzed, contextualized, and applied can not only benefit all business functions, it has the potential to inform strategic decisions and address widespread risk throughout an organization. Unfortunately, the limited scope of and vision for intelligence programs within many organizations means that the value their intelligence delivers rarely reaches its full potential.

Indeed, one factor behind the limitations faced by many intelligence programs stems from skewed perceptions of the value and applicability of intelligence. Historically, many business leaders and decision-makers have leveraged intelligence to provide key stakeholders with information that is complementary rather than critical. In other words, while most organizations can and do use intelligence to, for example, confirm the existence of a data breach or malware infection, few organizations use intelligence where it can be most valuable: to inform strategic or critical decisions and mitigate widespread risk across business functions. Organizations that have leveraged intelligence in this manner have, for example, been able to successfully strengthen anti-money laundering programs, analyze the implications of a potential merger or acquisition, bolster physical security, or assess supply chain integrity. However, when intelligence is not deemed integral to supporting all business functions across an organization, the perceived role and value and of all components of an intelligence program tend to deteriorate.

The Intelligence Cycle – A Demarcation

For intelligence programs to support security and resiliency successfully as well as deliver value across the enterprise, the intelligence cycle and its core principles must remain at the forefront. An organization simply cannot reap the full value of intelligence without proper adoption and employment of the intelligence cycle. Although intelligence cycle methodology originated in the public sector, it has long proven to be extremely successful for intelligence production within the private sector. The intelligence cycle remains an easily digestible model meant to provide a quick grasp of how intelligence is produced.

It’s important to recognize that the intelligence cycle represents just one of countless models of intelligence production — all of which vary widely depending on the nature and explanation they are prepared to serve. There is not one all-encompassing intelligence cycle model that provides details tailored to all intelligence disciplines and is also capable of reflecting the nuances and nature of the business of intelligence. If such a model did exist, it would no doubt be far too complex to aid in understanding — much less provide value.

Above all else, the intelligence cycle is meant to represent the methodology comprising the curation of intelligence and its most fundamental, integral components. Throughout the remainder of our blog series, this model will serve as our compass as we take a closer look at the inputs and processes required for establishing the building blocks of all successful intelligence programs.

Flashpoint’s Advisory Services team will attend RSA Conference U.S. in San Francisco next month. Request a meeting either on-site at the event, or a consultation scheduled at your convenience.

About the author: Michael Anderson

Michael Anderson is a Principal Advisor, Business Risk Intelligence at Flashpoint. A tenured intelligence professional with experience in both the government and private sector, Michael has previously worked at organizations including the Department of Defense and numerous Fortune 20 companies. He has served in a government capacity to support threat mitigation for sensitive technologies, is a contributing author to U.S. counterintelligence curriculum, and has presented to senior governing bodies on emerging intelligence threats. Michael has spent extensive time operationalizing intelligence in cyber and physical environments and has gained a trusted reputation with law enforcement and intelligence organizations. He continues to shape intelligence application in business risk policy and practice and leads strategic intelligence initiatives derived from the Deep & Dark Web applicable to insider threats, foreign travel risks, supply chain, critical assets and business reputation.