How to define and build threat intelligence capability

What is "threat intelligence"? A term overused and ill-defined! What is required to create a true threat intelligence capability, and how does this relate to the nirvana of cyber situational awareness?

During this talk, we will: Define "threat intelligence", distinguishing between threat data and how this can be processed into "intelligence". Discuss some of the data sources (open and closed networks), how organisations are beginning to share more data, and the benefits of incorporating threat data into correlation systems. Explain why data must first be contextualised and ranked before it becomes "intelligence". Argue why this is difficult to automate effectively, and the role your security staff have in operationalising the output. Continue to describe the term "cyber situational awareness", referencing literature and movies in a fun way to explain how this is achieved and why it is important. Show how this enables organisations to achieve an almost unconscious heightened level of security preparedness.