By Jake Munroe of Recorde Future
Source: [Recorded Future website](https://www.recordedfuture.com/iso-27002-threat-intelligence-new-security-standard/)
Published: February 4, 2022
Retrieved: March 7, 2022

Jake Munroe lists some uses of threat intelligence on the three layers as identified in [a-5.7-Threat-intelligence](../../Standards/ISO27x/OST/27002/EN/a-5.7-Threat-intelligence.md):

Strategic:
- setting priorities and making informed security architecture and budget decisions
- focussing your threat intelligenge programme in line with the organization's strategy, by defining and tracking Priority Intelligence Requirements [^PIR] 
- heightened awareness of relevant emerging threats, TTPs [^TTP], and threat groups

Tactical:
- integrating Indicators of Compromise (IoC’s) into security tools to enable contextual intelligence 
- using detection rulesets from hunting packages on threat actors and malware

Operational:
- better understanding of specific attacks and the relationships between threat actors, indicators, and TTPs
- mapping threat intelligence to common frameworks like MITRE ATT&CK to classify behaviors, assess security gaps, and share intelligence with the cybersecurity community


[^PIR]: An agreement to prioritize certain information collected and processed over others because of the organization’s critical need for this data. – [source](https://www.crowdstrike.com/falcon/2020/videos/priority-intelligence-requirements-your-key-to-working-smarter-with-more-impact/)
[^TTP]: -   Tactics, techniques and procedures (TTPs) are the “patterns of activities or methods associated with a specific threat actor or group of threat actors.” – [source](https://www.optiv.com/explore-optiv-insights/blog/tactics-techniques-and-procedures-ttps-within-cyber-threat-intelligence)