diff --git a/best-practices-in-threat-intelligence.html b/best-practices-in-threat-intelligence.html index 520a4da..30e1f6c 100644 --- a/best-practices-in-threat-intelligence.html +++ b/best-practices-in-threat-intelligence.html @@ -446,6 +446,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
+ + | ++Expressing the confidence or the lack of in an analysis is critical step to help a partner or a third-party to check your hypotheses and conclusions. + | +
Analysis or reports are often shared with technical details but often lack the overall confidence level associated.
+Adding confidence or estimative probability have multiple advantages such as:
+Allowing receiving organisations to filter, classify and score the information in an automated way
+Information with low-confidence can still be shared and reach communities or organisations interested in such information without impacting organisations filtering out by confidence level
+Supporting counter and competitive analyses to validate hypotheses expressed in original reporting
+Complement analysis with contrary evidences is also very welcome to ensure the original analysis and the hypotheses evaluated.
++ + | ++MISP taxonomies contain an exhaustive list of confidence levels including words of estimative probability or confidence in analytic judgment. + | +
+ + | ++threat-intelligence.eu includes an overview of the methodologies and process to support threat intelligence. + | +