Without that, InfoSec is still in the red-yellow-green light phase of risk management.
1) Adversary: An general understanding of thier motivation, level of skill, determination, and targets of focus.
3) IT Environment: Complete technical details about the size and makeup of an IT environment, includuing security controls and exposed vulnerabilities.
If this is generally correct, then the next question is what entities in the market have the best access to these data types.
2) Vulnerability Landscape: Vulnerability Management, Vulnerability DB's (ie OSVDB, MITRE)
3) IT Environment: DevOps Teams, InfoSec Teams, Vulnerability Management, Asset Inventory
… a work in progess.