Information provided by a source does not necessarily represent reality objectively. Two factors matter: first, the reliability of the source, and second, its ability to manage this type of information. Hence the need to rate both sources and the information they provide.
We suggest teams incorporate the NID1 model, which is widely used in government and in some commercial entities. According to this model, sources are classified in order of decreasing reliability from "A" to "E", with "F" designated for the case where a judgement cannot be made.
In turn, the specific piece of information itself is ranked in decreasing order from "1" to "5", with "6" reserved for the case where a judgement cannot be made.
| Rating | Source reliability |
|---|---|
| A | No doubt about the source's authenticity, trustworthiness, or competency. History of complete reliability. |
| B | Minor doubts. History of mostly valid information. |
| C | Doubts. Provided valid information in the past. |
| D | Not usually reliable. Significant doubts. Provided valid information in the past. |
| E | Lacks authenticity, trustworthiness, and competency. History of invalid information. |
| F | Cannot be judged. Insufficient information to evaluate reliability. May or may not be reliable. |

| Rating | Information credibility |
|---|---|
| 1 | Logical, consistent with other relevant information, confirmed by independent sources. |
| 2 | Logical, consistent with other relevant information, not confirmed. |
| 3 | Reasonably logical, agrees with some relevant information, not confirmed. |
| 4 | Not logical but possible, no other information on the subject, not confirmed. |
| 5 | Not logical, contradicted by other relevant information. |
| 6 | Cannot be judged. The validity of the information cannot be determined. |

An example would be a CTI provider with well-trusted feeds that is introducing a new experimental feed. Initially this feed may be classified as "A3", since the data feed has not been tuned yet.
Another example would be information gathered in an underground forum from an actor who, for the most part, has provided good information. If in a particular instance their information does not fit well, or contradicts other information from multiple sources, it can be rated as "B4".
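
The following is an added example, not part of the original page: it parses combined ratings such as "A3" and buckets incoming items, treating "F" and "6" as unknown rather than as ranking below "E" or "5". The bucket names, the `max_source`/`max_info` thresholds and the sample items are assumptions made for illustration.

```python
import re

# Scales as stated above: A-E and 1-5 are ordered, F and 6 mean "cannot be judged".
_CODE = re.compile(r"^([A-F])([1-6])$")

def parse_rating(code):
    """Split a rating such as 'B4' into (source_rank, info_rank).

    Ranks run from 1 (best) to 5 (worst). None means 'cannot be judged'
    (F or 6), which is an unknown, not a value below E or 5.
    """
    m = _CODE.match(code.strip().upper())
    if not m:
        raise ValueError(f"not a valid rating code: {code!r}")
    source = ord(m.group(1)) - ord("A") + 1
    info = int(m.group(2))
    return (None if source == 6 else source, None if info == 6 else info)

def triage(items, max_source=2, max_info=2):
    """Bucket (indicator, code) pairs. Thresholds are assumed policy, not from the page."""
    buckets = {"act": [], "corroborate": [], "unjudged": [], "rejected": []}
    for indicator, code in items:
        try:
            source, info = parse_rating(code)
        except ValueError:
            buckets["rejected"].append(indicator)   # malformed code: fix at ingestion
            continue
        if source is None or info is None:
            buckets["unjudged"].append(indicator)   # F or 6: needs an analyst's assessment
        elif source <= max_source and info <= max_info:
            buckets["act"].append(indicator)
        else:
            buckets["corroborate"].append(indicator)
    return buckets

# Constructed sample items (documentation-range values, not real indicators).
SAMPLE = [
    ("198.51.100.7", "A1"),
    ("experimental-feed.example", "A3"),  # the experimental-feed case above
    ("forum-claim-0001", "B4"),           # the underground-forum case above
    ("new-source-tip", "F6"),
    ("bad-entry", "G2"),
]

if __name__ == "__main__":
    for name, members in triage(SAMPLE).items():
        print(name, members)
```

Sorting raw codes alphabetically would place "F6" after "E5" and present an unassessed item as the worst one, which is why the parser returns `None` for those positions.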