
User:Leibrockl/sandbox

From Wikipedia, the free encyclopedia

Bottom Line Up Front - What is Cyber Threat Intelligence (CTI)?

Cyber threat intelligence comprises processed knowledge, information, indicator data and items of evidentiary interest that are lawfully and properly collected, protected from change, properly processed, and analyzed in order to understand a threat actor's intentions, activities, motives, targets, and attack behaviors. Threat intelligence enables cyber threat intelligence analysts to make fact-based, faster, more informed, evidence-driven cyber security decisions and to alter malicious actors' Tactics, Techniques, and Procedures (TTPs). Users of cyber threat intelligence may shift their behavior from a reactive stance to a more proactive one. The ultimate goal of cyber threat intelligence analytical products is to make definitive and proper attribution of the identities of the threat actor(s) complicit in the malicious activity.

Rationale for this Structured Analytical Thinking for Cyber/Security and Cyber Threat Intelligence People

Demand for people skilled in cybersecurity knowledge, skills, practices and experience has grown dramatically, in both the US and global settings. The domain of cybersecurity work is seen as growing and as becoming both more professionalized and more specialized - e.g. developer operations, software engineering, information technology operations, operational technology specialists, network operations, cyber security staff, incident response specialists, computer forensics and computer audit staff, and cyber threat intelligence personnel. Despite the need for more professionalism, we have no widely agreed competency models or de facto community of practice. Cyber threat intelligence is a complex task domain that has not received the attention needed to build a substantive and rich foundational body of frameworks, models and techniques for raising the intelligence skills of new and experienced personnel working in it. We need to strive rigorously to increase our critical attention toward more robust analytical thinking, frameworks, practices and use of tools in cyber security and cyber threat intelligence professional tradecraft.

Structured analytical techniques for Cyber/Sec and Cyber Threat Intelligence Professionals

■ Cyber security and cyber threat intelligence practitioners are professionals and may be termed modern-day examples of a "knowledge worker" or "symbol analyst". In their analytical role they carry out complex multi-step operations, access large data stores, manipulate abstract symbols, address abstract and complex ideas, acquire new information, and must remain mindful enough to recognize discontinuities and substantive change.

■ Successful knowledge work, like all work, requires study, acquiring relevant knowledge, skills, experience and practice.

■ Cyber security and cyber threat intelligence professionalism calls for broad experience, acquisition of special skills, and understanding of the analytical process and methodologies.

■ The individual who is only interested in securing or forensically assessing information technology, as central as that is to the various cyber security disciplines, is not fully a Cyber/Sec or Cyber Threat Intelligence Analyst professional.

■ Cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace. Cyber threat intelligence sources include open-source intelligence, social media intelligence, human intelligence, technical intelligence, forensically derived data, device logs, and intelligence from the deep and dark web.

Structured Analytic Trade-craft for Cyber/Sec Professionals

■ This intensive course serves as a "box of analytical frameworks" to assist the Cyber/Sec analyst in mitigating the adverse impact that our human cognitive limitations, failures, errors and pitfalls have on rigorous analysis.

■ The course presents structured analytic techniques and cases used by Cyber/Sec professionals working in private-sector, academic, and intelligence professional settings.

■ These are not silver-bullet analytic methods for solving cyber/sec analytic problems. Their most distinctive characteristic is that structured techniques help to decompose one's thinking in a manner that enables it to be reviewed, documented, assessed and critiqued. The pedagogy is derived from "A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis" (CIA, 2009).

■ Most people solve the wide range of cyber/sec problems intuitively, typically by trial and error. Structured analytical thinking presents some methods that account for the habitual ways in which the human mind works. Structured analysis is a relatively new approach to cyber/sec intelligence analysis; the driving forces behind the use of these techniques are:


  • An increased understanding of some cognitive limitations and pitfalls that make analysis problematic;
  • A review of some prominent intelligence failures that have prompted re-examination of how intelligence analysis is generated;
  • United States Government policy support and technical support for inter-agency collaboration, law enforcement and
  • A desire by policy makers and users of intelligence analysis products that it be more rigorous, focused and transparent as to how analytical conclusions were derived.

Heuer's Structured Techniques Grouping follows:

1. Decomposition and Visualization: The number of things most people can keep in working memory at one time is seven, plus or minus two. Complexity increases geometrically as the number of variables increases. In other words, it is very difficult to do error-free analysis only in our heads.

2. Indicators, Signposts, Scenarios: The human mind tends to see what it expects to see and to overlook the unexpected. Change often happens so gradually that we do not see it, or we rationalize it as not being of fundamental importance until it is too obvious to ignore. Identification of indicators, signposts, and scenarios creates an awareness that prepares the mind to recognize change.

3. Challenging Mindsets: A simple definition of a mindset is "a set of expectations through which a human being sees the world." Our mindset, or mental model of how things normally work in another country, enables us to make assumptions that fill in the gaps when needed evidence is missing or ambiguous. When this set of expectations turns out to be wrong, it often leads to intelligence failure. Techniques for challenging mindsets include reframing the question in a way that helps break mental blocks.

4. Hypothesis Generation and Testing: "Satisficing" is the tendency to accept the first answer that comes to mind that is "good enough." This is commonly followed by confirmation bias, which refers to looking at the evidence only from the perspective of whether or not it supports a preconceived answer.

5. Group Process Techniques: Just as analytic techniques provide structure to our individual thought processes, they also provide structure to the interaction of analysts within a team or group.
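As an added illustration of items 1 and 4 above (decomposition on paper, and hypothesis testing that guards against satisficing and confirmation bias), and not part of the original page or of Heuer's text, the following Python lays competing hypotheses and evidence out in a consistency matrix in the style of Analysis of Competing Hypotheses. It ranks hypotheses by how much evidence refutes them rather than by how much supports them, flags evidence that cannot discriminate between hypotheses, and reports which items the conclusion hinges on. The hypotheses, evidence items and consistent/neutral/inconsistent ratings are constructed for the example and stand in for an analyst's judgement; they describe no real incident.

```python
"""Evidence-consistency matrix for competing hypotheses (ACH-style).

Hypotheses, evidence items and the consistent/neutral/inconsistent
ratings are constructed for this illustration and describe no real
incident; the ratings stand in for an analyst's judgement.
"""
from dataclasses import dataclass

C, N, I = "consistent", "neutral", "inconsistent"

# Constructed hypotheses for a hypothetical intrusion
H1 = "H1 opportunistic commodity-malware infection"
H2 = "H2 targeted intrusion"
H3 = "H3 insider misuse"
HYPOTHESES = [H1, H2, H3]


@dataclass
class Evidence:
    label: str
    ratings: dict  # hypothesis -> C / N / I, as judged by the analyst


# Constructed evidence items; every rating is a judgement made for the example
EVIDENCE = [
    Evidence("E1 phishing email delivered the first-stage loader",
             {H1: C, H2: C, H3: N}),
    Evidence("E2 loader belongs to a malware kit sold on criminal forums",
             {H1: C, H2: N, H3: I}),
    Evidence("E3 files were staged in an archive before exfiltration",
             {H1: C, H2: C, H3: C}),
    Evidence("E4 lure document names an unannounced internal project",
             {H1: I, H2: C, H3: N}),
    Evidence("E5 hands-on activity came from a foreign VPN exit node",
             {H1: C, H2: N, H3: I}),
]


def count(evidence, hypothesis, rating):
    """Number of evidence items carrying `rating` for `hypothesis`."""
    return sum(1 for e in evidence if e.ratings[hypothesis] == rating)


def rank_by_confirmation(hyps, evidence):
    """The intuitive, satisficing order: most supporting items first.

    This is the ordering confirmation bias produces; shown for contrast."""
    return sorted(hyps, key=lambda h: -count(evidence, h, C))


def rank_by_disconfirmation(hyps, evidence):
    """Heuer's order: fewest inconsistent items first.

    Many consistent items do not prove a hypothesis; a single well-founded
    inconsistency is what should eliminate it."""
    return sorted(hyps, key=lambda h: count(evidence, h, I))


def non_diagnostic(hyps, evidence):
    """Items rated identically against every hypothesis cannot discriminate
    between them, however interesting they look in isolation."""
    return [e.label for e in evidence if len({e.ratings[h] for h in hyps}) == 1]


def sensitivity(hyps, evidence):
    """Evidence items whose removal would change the leading hypothesis.

    These are the items whose sourcing deserves the closest re-checking."""
    leader = rank_by_disconfirmation(hyps, evidence)[0]
    pivots = []
    for e in evidence:
        remaining = [x for x in evidence if x is not e]
        if rank_by_disconfirmation(hyps, remaining)[0] != leader:
            pivots.append(e.label)
    return pivots


def render_matrix(hyps, evidence):
    """Plain-text matrix so the decomposition lives on paper, not in memory."""
    rows = ["evidence".ljust(60) + "".join(h[:2].ljust(6) for h in hyps)]
    for e in evidence:
        cells = "".join(e.ratings[h][0].upper().ljust(6) for h in hyps)
        rows.append(e.label.ljust(60) + cells)
    return "\n".join(rows)


if __name__ == "__main__":
    print(render_matrix(HYPOTHESES, EVIDENCE))
    print("by confirmation:   ", rank_by_confirmation(HYPOTHESES, EVIDENCE))
    print("by disconfirmation:", rank_by_disconfirmation(HYPOTHESES, EVIDENCE))
    print("non-diagnostic:    ", non_diagnostic(HYPOTHESES, EVIDENCE))
    print("pivotal items:     ", sensitivity(HYPOTHESES, EVIDENCE))
```

With the constructed ratings the two orderings disagree: counting support puts H1 first, while counting refutation puts H2 first because H1 carries an inconsistency that support-counting hides. E3 is flagged as non-diagnostic, and E4 is the one item on which the lead hypothesis turns, which is where an analyst's collection and source-validation effort should go next.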

Structured Analytic Trade-craft Topics

1. What is Intelligence and what is Cyber Threat Intelligence?

2. Intelligence cycle and process

3. What is intelligence analysis, and what can we learn from intelligence failures?

4. Intelligence as both an art and a science

5. Methods, frameworks, structure and measures of quality

6. Structured analytical techniques

7. Developing research questions and corollaries

8. Problem definition and redefinition

9. Hypothesis development

10. Evidence development

11. Intelligence fusion process

12. Uses and misuses of teams

13. Professional writing for intelligence officers

14. Creating the intelligence products and types of report

15. Meta-conclusions and conclusions

Exemplary Tools
