HP Communities - Security Intelligence for the Enterprise - Part 1 - Enterprise Business Community
Jared Sperli stashed this in security
So what exactly does actionable mean?
There is a lot of talk about having the right data, and being able to turn it into knowledge in a timely manner to make decisions or take meaningful action. At the center of that discussion is the idea of “actionable intelligence,” and what it really means. In my opinion, and after watching several organizations attempt to operationalize intelligence reports/feeds, for anything to be actionable, your organization must be able to convert it quickly from bits to meaningful action. Actionable intelligence can be as broad as a memorandum that alerts the banking industry that there has been chatter by “cyber terrorists” about creating a large botnet in order to DDoS banking websites. Even if this doesn’t provide immediate detail, it can provide a sense of direction and urgency from which your organization can then derive action.
On the other end of that spectrum is an automated feed that takes data generated from human interaction and packages it for consumption by an automated mechanism. A concrete example is a feed from a security research organization that produces IP reputation data, which is then fed into your firewalls and IPS to make more intelligent alerting and blocking decisions.
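As an added illustration (not part of the original post), the sketch below turns an IP reputation feed into block and alert decisions while guarding against the usual failure modes of automated feeds: malformed rows, stale entries, and entries that would block your own or a partner's address space. The CSV columns, thresholds, allowlist and addresses are constructed assumptions, not any vendor's feed format.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample feed; the column layout is an assumption for this example.
SAMPLE_FEED = """ip,score,category,last_seen
203.0.113.7,95,botnet_c2,2024-05-01T10:00:00+00:00
198.51.100.0/24,60,scanner,2024-05-01T09:00:00+00:00
192.0.2.10,90,botnet_c2,2024-03-01T00:00:00+00:00
10.1.2.3,99,botnet_c2,2024-05-01T10:00:00+00:00
203.0.113.50,97,ddos,2024-05-01T10:00:00+00:00
not-an-ip,80,spam,2024-05-01T10:00:00+00:00
"""
NOW = datetime(2024, 5, 2, tzinfo=timezone.utc)  # fixed clock for a repeatable run

# Ranges a feed must never be able to block: internal space plus a
# hypothetical partner address on the local allowlist.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "203.0.113.50/32",
)]

def decide(feed_text, now, block_at=90, alert_at=50, max_age=timedelta(days=14)):
    """Sort feed entries into block / alert / skipped (with a reason)."""
    out = {"block": [], "alert": [], "skipped": []}
    for row in csv.DictReader(io.StringIO(feed_text)):
        try:
            net = ipaddress.ip_network(row["ip"], strict=False)
            score = int(row["score"])
            seen = datetime.fromisoformat(row["last_seen"])
        except (ValueError, TypeError):
            out["skipped"].append((row.get("ip"), "malformed"))
            continue
        if any(net.overlaps(protected) for protected in NEVER_BLOCK):
            out["skipped"].append((str(net), "protected"))
        elif now - seen > max_age:
            out["skipped"].append((str(net), "stale"))
        elif score >= block_at:
            out["block"].append(str(net))   # high confidence: push to firewall
        elif score >= alert_at:
            out["alert"].append(str(net))   # medium confidence: IPS alert only
        else:
            out["skipped"].append((str(net), "low_score"))
    return out

if __name__ == "__main__":
    for action, entries in decide(SAMPLE_FEED, NOW).items():
        print(action, entries)
```

The skipped list is worth logging alongside the decisions: a feed that suddenly lists internal or allowlisted ranges is itself a signal that the feed or its transport needs review.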
So basically, react to things happening in real time?