Threat intelligence feedback
The final step is a bridge between the dissemination and the initial phases. The benefactors, consumers, or target audience of the intelligence product evaluate and assess the project and mark it as successful or not. Their perspective determines the satisfaction index of the project as a whole. Only after or during the feedback step are actionable or business decisions made.
The intelligence authors' feedback and reviews can come in the form of acceptance criteria that are ticked as OK or NOK, in correlation with the input requirements. This feedback is then used as the initial objectives for the next CTI cycle's planning and direction phase. This is enriched with new requirements (probably new data sources), and then the project continues with its cyclic operation. Chapter 14, Threat Intelligence Reporting and Dissemination, provides a deep dive into feedback examples and how those examples can be converted into new requirements.
