Cyber threat indicator

Definition
A cyber threat indicator (CTI) is

{{Quote|information that is necessary to describe or identify &mdash;


 * (A) malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical information related to a cybersecurity threat or security vulnerability;
 * (B) a method of defeating a security control or exploitation of a security vulnerability;
 * (C) a security vulnerability, including anomalous activity that appears to indicate the

existence of a security vulnerability;
 * (D) a method of causing a user with legitimate access to an information system or

information that is stored on, processed by, or transiting an information system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;
 * (E) malicious cyber command and control;
 * (F) the actual or potential harm caused by an incident, including a description of the

information exfiltrated as a result of a particular cybersecurity threat;
 * (G) any other attribute of a cybersecurity threat, if disclosure of such attribute is not

otherwise prohibited by law; or
 * (H) any combination thereof.