Information about cybersecurity threats is gathered and interpreted for the function, at least in an ad hoc manner
Context and Guidance: Threat identification and response begins with collecting useful threat information from reliable sources and determining whether and how that information is relevant in the context of the organisation and function. Collection and review of threat information can be done by internal staff, provided as a service through a vendor, or a combination of both. Sources of threat information should address the different kinds of IT, OT, and information assets that are important to the delivery of the function.
Related Practices • Input From: Implementing THREAT-2a provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: THREAT-2b, THREAT-2h, THREAT-2k.