A Business Analyst Centric Framework for Consuming and Applying Cyber Threat Intelligence | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article A Business Analyst Centric Framework for Consuming and Applying Cyber Threat Intelligence Taiwo Hassan This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-8958284/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract The proliferation of Cyber Threat Intelligence (CTI) has created a critical bottleneck: its consumption by non-technical stakeholders who are essential for translating threat data into business action. Business Analysts (BAs), who operate at the nexus of business needs, processes, and technology, are uniquely positioned to bridge this gap, yet lack a standardized framework to do so. This research addresses the under-explored role of the Business Analyst as a cyber threat intelligence translator and integrator . We propose the Business Analyst Threat Integration (BATI) Framework , a role-specific methodology enabling BAs to systematically consume raw CTI, contextualize it within business processes and objectives, and generate actionable requirements for risk mitigation, process redesign, and control enhancement. Through a design science approach involving 50 Business Analysts across finance, healthcare, and retail sectors, we co-designed and validated the BATI Framework. The framework consists of a Five-Stage Consumption Cycle (Receive, Contextualize, Map, Assess, Specify) and a suite of tailored artifacts, including the Threat-to-Process Impact Matrix (TPIM) and Intelligence-Driven User Stories (IDUS) . A 12-week field trial demonstrated that BAs using the BATI Framework produced security requirements with a 65% higher alignment to verified business risks and accelerated the integration of security controls into project lifecycles by 50%. This study establishes the Business Analyst as a pivotal force multiplier for organizational cybersecurity, providing a structured path to operationalize threat intelligence within the fabric of business analysis and project delivery. Artificial Intelligence and Machine Learning Theoretical Computer Science Business Analyst (BA) Cyber Threat Intelligence (CTI) Requirements Engineering Business Process Analysis Threat Integration Security-by-Design BATI Framework Threat-to-Process Mapping Non-Technical CTI Consumption Full Text Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-8958284","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":596352588,"identity":"eee6e342-38d2-4831-abae-62ef31a6bf8b","order_by":0,"name":"Taiwo Hassan","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA3UlEQVRIiWNgGAWjYBACAxiDH0QkFBCr5QAQSzaAtBjgU4uuxeAAiqV4gDn78WfSH2oOyxmfX5344YEBgzy/2AH8Wix7EtIkDhw7bGx24+1mCaDDDGfOTiDgsAMJxyQOsB1O3Hbj7AaQlgSD24S0nH/YJnHg3+H6zTPObv5BnJYbyWwSB9sOJxjw924j0pYbz5gtzvalG864wbvNIsFAggi/nE9/eKPim7U8f//ZzTd/VNjI80sT0AIELBIMDM0MDBJglRIElYMA8wcGhjpgijlAlOpRMApGwSgYgQAADD5LiFQ6jy8AAAAASUVORK5CYII=","orcid":"https://orcid.org/0009-0000-3526-8662","institution":"Computer History Museum: Mountain View, California, US","correspondingAuthor":true,"prefix":"","firstName":"Taiwo","middleName":"","lastName":"Hassan","suffix":""}],"badges":[],"createdAt":"2026-02-24 13:57:31","currentVersionCode":1,"declarations":{"humanSubjects":false,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-8958284/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-8958284/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":103383357,"identity":"41f59d42-3afc-4e8c-928b-df33ca29a5b3","added_by":"auto","created_at":"2026-02-25 06:11:51","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":253637,"visible":true,"origin":"","legend":"","description":"","filename":"KMeig.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8958284/v1_covered_778128d8-e5e5-4c24-952a-c7b1a4cc1d3b.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003eA Business Analyst Centric Framework for Consuming and Applying Cyber Threat Intelligence\u003c/p\u003e","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"Stanford University","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Business Analyst (BA), Cyber Threat Intelligence (CTI), Requirements Engineering, Business Process Analysis, Threat Integration, Security-by-Design, BATI Framework, Threat-to-Process Mapping, Non-Technical CTI Consumption","lastPublishedDoi":"10.21203/rs.3.rs-8958284/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-8958284/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eThe proliferation of Cyber Threat Intelligence (CTI) has created a critical bottleneck: its consumption by non-technical stakeholders who are essential for translating threat data into business action. Business Analysts (BAs), who operate at the nexus of business needs, processes, and technology, are uniquely positioned to bridge this gap, yet lack a standardized framework to do so. This research addresses the under-explored role of the Business Analyst as a \u003cstrong\u003ecyber threat intelligence translator and integrator\u003c/strong\u003e. We propose the \u003cstrong\u003eBusiness Analyst Threat Integration (BATI) Framework\u003c/strong\u003e, a role-specific methodology enabling BAs to systematically consume raw CTI, contextualize it within business processes and objectives, and generate actionable requirements for risk mitigation, process redesign, and control enhancement. Through a design science approach involving 50 Business Analysts across finance, healthcare, and retail sectors, we co-designed and validated the BATI Framework. The framework consists of a \u003cstrong\u003eFive-Stage Consumption Cycle\u003c/strong\u003e (Receive, Contextualize, Map, Assess, Specify) and a suite of tailored artifacts, including the \u003cstrong\u003eThreat-to-Process Impact Matrix (TPIM)\u003c/strong\u003e and \u003cstrong\u003eIntelligence-Driven User Stories (IDUS)\u003c/strong\u003e. A 12-week field trial demonstrated that BAs using the BATI Framework produced security requirements with a 65% higher alignment to verified business risks and accelerated the integration of security controls into project lifecycles by 50%. This study establishes the Business Analyst as a pivotal force multiplier for organizational cybersecurity, providing a structured path to operationalize threat intelligence within the fabric of business analysis and project delivery.\u003c/p\u003e","manuscriptTitle":"A Business Analyst Centric Framework for Consuming and Applying Cyber Threat Intelligence","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-02-25 06:09:44","doi":"10.21203/rs.3.rs-8958284/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"666bf20a-74d9-4a8b-8a20-7fe40500cb13","owner":[],"postedDate":"February 25th, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[{"id":63455165,"name":"Artificial Intelligence and Machine Learning"},{"id":63455166,"name":"Theoretical Computer Science"}],"tags":[],"updatedAt":"2026-02-25T06:09:44+00:00","versionOfRecord":[],"versionCreatedAt":"2026-02-25 06:09:44","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-8958284","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-8958284","identity":"rs-8958284","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.