1.3 The threat intelligence lifecycle

First, you figure out what kind of weapons and defenses you need to protect your castle. This is like the cyber security pros deciding what information they need to stop attacks. They think about what's important for the castle (the organization) and make a plan on how to gather that information.

Next, you gather information on potential dragon attacks. This could mean looking out from your towers or sending scouts to gather news. In cyber terms, this means collecting data from different places, like checking the castle's logs or even spying on dark corners of the internet where dragons might talk.

Once you have all this raw information, you need to organize it. Maybe you put all your scout reports on a big table or translate messages caught from dragon spies. For cyber experts, this means making the data easy to understand, like putting it into spreadsheets or translating languages.

Now, it's time to look at all the information and figure out if a dragon has already tried to attack or if there are signs they will soon. This is like using your knowledge and tools to find clues in the information you've collected.

After figuring out what the dragons are up to, you write a report and give it to the castle's leaders, like the king or queen (like a CEO or senior manager). You'll decide how to explain your findings, whether in simple terms or with more detail, depending on what they prefer.

Finally, the king or queen will review your report and decide what to do next. They might ask for more information or suggest a new strategy for defending the castle. This helps you know what to focus on next time you start the cycle again.