best practices in threat intelligence updated

best-practices-in-threat-intelligence.html

@@ -446,6 +446,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
 <ul class="sectlevel2">
 <li><a href="#_improving_analysis">Improving Analysis</a></li>
 <li><a href="#_what_to_share_or_what_counts_as_valuable_information">What To Share or What Counts As Valuable Information?</a></li>
+<li><a href="#_expressing_confidence_in_an_analysis">Expressing confidence in an analysis</a></li>
 </ul>
 </li>
 <li><a href="#_authors_and_contributors">Authors and Contributors</a></li>
@@ -581,6 +582,68 @@ When asking for the support of the community, using a specific taxonomy such as
 </div>
 <div style="page-break-after: always;"></div>
 </div>
+<div class="sect2">
+<h3 id="_expressing_confidence_in_an_analysis">Expressing confidence in an analysis</h3>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+Expressing the confidence or the lack of in an analysis is critical step to help a partner or a third-party to check your hypotheses and conclusions.
+</td>
+</tr>
+</table>
+</div>
+<div class="paragraph">
+<p>Analysis or reports are often shared with technical details but often lack the overall confidence level associated.</p>
+</div>
+<div class="paragraph">
+<p>Adding confidence or estimative probability have multiple advantages such as:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>Allowing receiving organisations to filter, classify and score the information in an automated way</p>
+</li>
+<li>
+<p>Information with low-confidence can still be shared and reach communities or organisations interested in such information without impacting organisations filtering out by confidence level</p>
+</li>
+<li>
+<p>Supporting counter and competitive analyses to validate hypotheses expressed in original reporting</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>Complement analysis with contrary evidences is also very welcome to ensure the original analysis and the hypotheses evaluated.</p>
+</div>
+<div class="admonitionblock tip">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-tip" title="Tip"></i>
+</td>
+<td class="content">
+MISP taxonomies contain an exhaustive list of confidence levels including words of <a href="https://www.misp-project.org/taxonomies.html#_estimative_language">estimative probability</a> or confidence in analytic judgment.
+</td>
+</tr>
+</table>
+</div>
+<div class="admonitionblock tip">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-tip" title="Tip"></i>
+</td>
+<td class="content">
+threat-intelligence.eu includes an overview of the <a href="https://www.threat-intelligence.eu/methodologies/">methodologies and process to support threat intelligence</a>.
+</td>
+</tr>
+</table>
+</div>
+<div style="page-break-after: always;"></div>
+</div>
 </div>
 </div>
 <div class="sect1">
@@ -618,7 +681,7 @@ When asking for the support of the community, using a specific taxonomy such as
 </div>
 <div id="footer">
 <div id="footer-text">
-Last updated 2018-07-01 17:39:08 CEST
+Last updated 2018-09-22 21:21:07 CEST
 </div>
 </div>
 </body>