Frequently Asked Questions

Many cyber-security companies market ‘threat intelligence’. The term ‘threat intelligence’ is misleading. Sun Tzu defined Intelligence as ‘foreknowledge of an adversary’, meaning that Intelligence, by its very definition and intent, is supposed to be focused on the threat (the adversary). That is what CIDC and CSCSS use as the definition of Intelligence. This definition is based on the historical roots of Intelligence, how the use and meaning of Intelligence has evolved, how Intelligence is defined by governments, and how our team was trained.

Cyber Intelligence Defence Center, or CIDC, is part of the Defence Intelligence Group, a component of the Center for Strategic Cyberspace and Security Science (CSCSS). David Swan Consulting ‘mans’ CIDC, providing the Intelligence personnel and computer expertise behind CIDC. The David Swan Consulting team is a group of Intelligence professionals whose credentials were earned during government employment, conducting analysis and producing Intelligence products.

Intelligence is a partnership between the Intelligence team and the client. It is a partnership because information flows both ways. The better the direction CIDC receives from the client, the more refined CIDC’s work and reporting becomes. When a client’s security information is added to CIDC’s database, CIDC can produce more detailed threat assessments and improve forecasting.

We are different in a few other ways as well.

1. CIDC is part of CSCSS, an international cyber-security organization. CIDC provides situational awareness (what is happening now) as well as detailed analysis and forecasts of what cyber-attacks you should expect to see. CIDC does not sell any other cyber-security products.

2. Part of our customer focus is the delivery of Intelligence products in PLAIN LANGUAGE. CIDC does not use marketing speak, Intelligence dialect or ask you to learn a new vocabulary.

3. CIDC personnel have extensive Intelligence training, based on internationally recognized standards. Our personnel have worked in operational environments.

4. CIDC is dependent upon your organization’s input. Your computer network and daily operational experience is part of the cyber-security environment. The more CDIC can learn about your cyber-events and attackers, the better the Intelligence CIDC can generate. CIDC does this because we know that the more information that can be integrated from disparate sources, the more effective CIDC Intelligence products become.

When you share information with CIDC, it is checked to ensure any identifying information is removed. If CIDC can’t ensure your organization’s security, the information is not shared. This is an example of our training and standards.

If you are:

That depends on what your organization needs. You select the products and services appropriate for your organization, and pay the rates for those. There are discounts for organizations using multiple products as well as rates for clients wanting direct access to CIDC analysts.

CIDC sources are provided by our staff, by members of CSCSS, by other contributors (both inside and outside of CSCSS), and by sponsors. The information itself originates from a mixture of open and proprietary sources. CIDC also conducts speciality research and intelligence products for CIDC clients.

CIDC has no relationship either formally or informally with any government. CIDC is aware that CIDC products are widely circulated and are used by more than one government agency.

Yes – and No. ‘Threat Intelligence’ is not a term we use. Threat Intelligence is a standard term in the computer security industry but it is NOT a standard term in the Intelligence profession where our team learned their skills. We conduct analysis of cyber events and aggressors, just like the Threat Intelligence providers. We also work at forecasting the patterns and activitites of those aggressors, which is NOT the same. So yes we provide the same informaiton and more.