Exploring the value of a cyber threat intelligence function in an organization

Anzel Berndt, Jacques Ophoff*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)
307 Downloads (Pure)


Organizations can struggle to cope with the rapidly advancing threat landscape. A cyber threat intelligence (CTI) function broadly aims to understand how threats operate to better protect the organization from future attacks. This seems like a natural step to take in hardening security. However, CTI is understood and experienced differently across organizations. To explore the value of this function this study used a qualitative method, guided by the Socio-Technical Framework, to understand how the CTI function is interpreted by organizations in South Africa. Thematic analysis was used to provide an in-depth view of how each organization implemented its CTI function and what benefits and challenges they’ve experienced. Findings show that CTI tasks tend to be more manual and resource-intensive, but these challenges can be resolved through automation. It was noted that only larger organizations seem to have the budget and resources available to implement the CTI function, whereas smaller organizations put more reliance on tools. It was observed that skills for the CTI function can be learned on the job, but that formal education provides a good foundation. The findings illustrate the value the CTI function can provide an organization but also the challenges, thereby enabling other organizations to improve preparation before such a function is adopted.
Original languageEnglish
Title of host publicationInformation security education. Information security in action
Subtitle of host publication13th IFIP WG 11.8 World conference, WISE 13, Maribor, Slovenia, September 21–23, 2020, proceedings
EditorsLynette Drevin, Suné Von Solms, Marianthi Theocharidou
Place of PublicationCham
Number of pages14
ISBN (Electronic)9783030592912
ISBN (Print)9783030592905
Publication statusPublished - 15 Sep 2020
Event13th World Conference on Information Security Education: Information Security in Action - online conference, Maribor, Slovenia
Duration: 21 Sep 202023 Sep 2020
Conference number: 13th

Publication series

NameIFIP Advances in Information and Communication Technology
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X


Conference13th World Conference on Information Security Education
Abbreviated titleWISE 13
Internet address


  • Cyber threat intelligence
  • Socio-technical framework


Dive into the research topics of 'Exploring the value of a cyber threat intelligence function in an organization'. Together they form a unique fingerprint.

Cite this