In the Threat Intelligence Lifecycle, which stage defines the scope of the project?

Defining the project scope happens in the planning and direction stage. This is where you set the goals, determine what questions you want the threat intel effort to answer, specify which data sources are relevant, and outline constraints like timeframes, resources, and legal considerations. Establishing these decisions upfront creates the boundaries for what data will be collected, what analyses will be performed, and what success looks like for the project. Later stages then carry out within that framework: collection gathers data as defined by the scope, processing organizes and prepares it for analysis, and feedback helps refine methods and, if needed, adjust the scope based on results and lessons learned.