<aside> đź’ˇ

Creating a strong threat landscape deliverable is key to presenting a clear narrative on threat and risk to an organization. This system details our approach to building successful and impactful threat landscape deliverables.

</aside>

1. What is a threat landscape

If you ask this to 10 people, you probably get 10 different answers.

The reality is that there is not one answer: Consider it more of a concept, rather than a deliverable.

A good place to start is how this concept is used differently between the public and private sector.

In the public sector, it's an intelligence preparation of the 'battlefield', setting the scene for everything.

Providing a strategic understanding that you layer intelligence requirements-based content on top of.

In the private sector, the threat landscape emphasizes situational awareness.

Focusing on answering questions (or intelligence requirements) from (key) stakeholders.

This approach rarely explores providing a true strategic understanding.

In short, a threat landscape provides only “your” view of the painting, and your view is only a section of the greater picture.

The better you manage your requirements and collections, you will see more of the picture, in greater detail, and have a better estimate(s) of what the greater picture could be.


2. When should you create a threat landscape

I recommend teams to always produce this deliverable: it gives you the opportunity to talk about threats or risks in a consistent manner regularly (e.g. quarterly or yearly).

The objective is informed decision-making about security investments and resource allocation, but first you have to win people over: you do that by being consistent.