Summarizing Actor Motivations, Intentions, and Capabilities

Correct Answer: A.

Option A is correct.

There are multiple forms of Cyber Threat Intelligence (CTI) categories -"Strategic TI" for actors intensions, capabilities & motivations.

Option B is incorrect.

“Operational TI" is for techniques , tools & procedures (technical details about specific attacks and campaigns).

Option C is incorrect.

"Tactical TI" is mainly for observables & indicators.

Option D is incorrect."OSINT" is for open standard formats.

Reference:

The CTI (Cyber Threat Intelligence) category that summarizes actor motivations, intentions, and capabilities is Tactical TI.

Tactical Threat Intelligence (TI) is a type of CTI that provides specific and actionable information about the tactics, techniques, and procedures (TTPs) used by threat actors to accomplish their objectives. Tactical TI typically includes indicators of compromise (IOCs), such as IP addresses, domain names, file hashes, and other technical details that can help defenders identify and mitigate threats.

Tactical TI is particularly useful for security operations centers (SOCs) and incident response (IR) teams, as it enables them to quickly identify and respond to threats in real-time. By analyzing the TTPs used by threat actors, defenders can also gain insights into the actor's motivations, intentions, and capabilities.

While Tactical TI focuses on the specific tactics and techniques used by threat actors, it does not provide a comprehensive understanding of the threat landscape. For that, organizations may also need to leverage other types of CTI, such as Operational TI or Strategic TI.

Operational TI provides a broader view of the threat landscape, including the infrastructure, tools, and techniques used by threat actors. It may also include information on the relationships between different threat actors, as well as their targets and objectives.

Strategic TI provides a high-level view of the threat landscape, focusing on the geopolitical and economic factors that drive cyber threats. It may include analysis of nation-state actors, criminal organizations, and other threat actors, as well as their capabilities, motivations, and intentions.

OSINT (Open-Source Intelligence) refers to information that is publicly available, such as news articles, social media posts, and other online content. While OSINT can be a valuable source of information for threat intelligence, it is not a category of CTI on its own. Rather, it is a type of information that can be used in conjunction with other types of CTI to gain a more comprehensive understanding of the threat landscape.