Cyber Threat Intelligence

Subject Area


Learning Resources

Learn more by checking out these great sites.

How Intelligence Works - The Intelligence Cycle

From the US government Intelligence Careers website. The Intelligence Community is responsible for supplying accurate and usable information to those who make national security decisions. Generating reliable, accurate intelligence is an active, never-ending process commonly referred to as the intelligence cycle. Explore what goes into each step of the process.

Industrial Control Threat Intelligence Whitepaper

A whitepaper on cyber threat intelligence for industrial control system environments by Sergio Caltagirone of Dragos Inc.

Psychology of Intelligence Analysis

Published by the CIA, this book by Richards J. Heuer, Jr. is recommended for anyone interested in intelligence. Although it is focused on the broader field of intelligence analysis (rather than cyber threat intelligence specifically), the concepts are still very applicable.

Sherman Kent and the Profession of Intelligence Analysis

Sherman Kent is often described as "the father of intelligence analysis". This paper includes an overview of Kent's analytic doctrine: 'Focus on Policymaker Concerns', 'Avoidance of a Personal Policy Agenda', 'Intellectual Rigor', 'Conscious Effort to Avoid Analytic Biases', 'Willingness to Consider Other Judgments', 'Systematic Use of Outside Experts', 'Collective Responsibility for Judgment', 'Effective communication of policy-support information and judgments', 'Candid Admission of Mistakes'.

The Cuckoo's Egg Decompiled Course

In the 1980s, Cliff Stoll discovered a $0.75 accounting error on the computer systems he managed at Lawrence Berkeley Laboratory. This small discovery would eventually lead him on the year-long pursuit of a group of five KGB-sponsored hackers who managed to access numerous US government and military networks. His story has inspired countless people to pursue the profession of information security. The Cuckoo’s Egg Decompiled is a free online course designed to provide an introduction to information security, as told through the lens of Cliff Stoll’s book “The Cuckoo’s Egg”.

The Diamond Model of Intrusion Analysis [PDF]

This paper sets out a foundational approach to conducting cyber threat intelligence analysis. The Diamond Model is widely used and referenced across the industry. It was written by Sergio Caltagirone, Andrew Pendergast and Christopher Betz. Abstract Excerpt: This paper presents a novel model of intrusion analysis built by analysts, derived from years of experience, asking the simple question, “What is the underlying method to our work?” The model establishes the basic atomic element of any intrusion activity, the event, composed of four core features: adversary, infrastructure, capability, and victim. These features are edge-connected representing their underlying relationships and arranged in the shape of a diamond, giving the model its name: the Diamond Model.

The Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework

The Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework has three primary goals: empower organizations to identify areas for team or individual growth, determine appropriate development roadmaps, and align internal, external, or on-the-job training opportunities to ensure CTI skills progression; provide a guidepost for aspirant CTI analysts to tailor their studies; assist network defenders in understanding the roles and responsibilities of a CTI analyst to improve collaboration between disciplines. The framework groups competencies into four foundational pillars: Problem Solving, Professional Effectiveness, Technical Literacy, and Cyber Threat Proficiency. Each competency is then broken out into one or more series of skills with some competencies more prescriptive than others.
