What is the purpose of a threat intelligence program in Annex B?

The idea behind a threat intelligence program is to turn raw threat data into actionable insights that enable proactive defense. By gathering information from multiple sources, analyzing it to identify who is behind the threats, what techniques they’re using, and where the risks are strongest, security teams can anticipate moves before they occur. Sharing these insights with the right teams—security operations, incident response, and even partner organizations—helps everyone stay aware of evolving threats and implement defenses in advance, such as adjusting rules, applying patches, and tuning detection capabilities. This approach is superior because it moves defense from reactive to proactive, enabling earlier warning and better prioritization of resources. Limiting activity to internal reporting, focusing only on audits, or ignoring threat information altogether would reduce awareness and leave systems more vulnerable to new attack methods.