building an effective cyber intelligence program
Post on 21-Nov-2014
Building an Effective Cyber Intel Program
Treadstone 71 LLC©
What is Cyber Intelligence?
The product resulting from the collection, evaluation, analysis, integration, and interpretation of all available cyber and internet information that concerns one or more aspects of adversaries or of areas of operation.
Immediately or potentially significant to planning, policies, decisions and courses of action.
Cyber = any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet and any matter relating to, or involving the use of, computers or computer networks.
Cyber espionage (also spelled cyberespionage) involves the unauthorized probing to test a target computer’s configuration or evaluate its system defenses, or the unauthorized viewing and copying of data files.
Cyber espionage uses computer or related systems to collect intelligence or enable certain operations, whether in cyberspace or the real world.
Personality Types
ISTJ: Decide logically what should be done and work toward it steadily, regardless of distractions. Take pleasure in making everything orderly and organized.
ISFJ: Thorough, painstaking, and accurate. Strive to create an orderly and harmonious environment at work and at home.
INFJ: Seek meaning and connection in ideas, relationships, and material possessions. Want to understand what motivates people and are insightful about others.
INTJ: Quickly see patterns in external events and develop long-range explanatory perspectives. Skeptical and independent.
ISTP: Analyze what makes things work and readily get through large amounts of data to isolate the core of practical problems. Interested in cause and effect, organize facts using logical principles, value efficiency.
ISFP: Like to have their own space and to work within their own time frame. Dislike disagreements and conflicts, do not force their opinions or values on others.
INFP: Curious, quick to see possibilities, can be catalysts for implementing ideas. Seek to understand people and to help them fulfill their potential.
INTP: Seek to develop logical explanations. Have unusual ability to focus in depth to solve problems in their area of interest. Skeptical, sometimes critical, always analytical.
ESTP: Theories and conceptual explanations bore them – want to act energetically to solve the problem. Learn best thru doing.
ESFP: Bring common sense & a realistic approach to their work, and make work fun. Learn best by trying a new skill with other people.
ENFP: Make connections between events/information very quickly, and confidently proceed based on the patterns they see.
ENTP: Resourceful in solving new/challenging problems. Adept at generating conceptual possibilities and then analyzing them strategically. Good at reading other people. Bored by routine.
ESTJ: Organize projects/people to get things done, focus on getting results most efficiently. Take care of routine details. Have a clear set of logical standards, systematically follow them.
ESFJ: Like to work with others to complete tasks accurately and on time.
ENFJ: Find potential in everyone, want to help others fulfill their potential. Sociable, facilitate others in a group, and provide inspiring leadership.
ENTJ: Quickly see illogical and inefficient procedures and policies, develop and implement comprehensive systems to solve organizational problems. Enjoy long-term planning and goal setting. Usually well informed, well read, enjoy expanding their knowledge and passing it on to others. Forceful in presenting their ideas.
Planning
What issues need to be addressed?
What information must be gathered?
We begin by examining finished intelligence from previous cycles. In this way, the end of one intelligence cycle fuels another.
What is leadership's priority intelligence requirement?
This stage depends on guidance from leadership.
Leadership initiates calls for intelligence.
Coordinate with government and private groups.
These needs then guide collection strategies and allow us to produce the appropriate intelligence products.
It must be actionable
Recommendations
Opportunities
• Focus on leadership concerns
• Avoid personal agendas
• Communicate policy (leadership) - support
Timeliness. Intelligence must be available when leadership requires it. Late intelligence is as useless as no intelligence.
Collection - Gathering
This stage covers the acquisition of raw information.
Information can be gathered from open, covert, electronic, and satellite sources.
Reading newspapers and magazine articles, listening to radio, and watching television broadcasts are examples of “overt” (or open) sources for us. (there is much more)
We collect with technologies feeding logs and correlating data points into information.
We can create honeypots, nets, docs for attribution.
We can collect from social networks.
• Intellectual Rigor
Accuracy. To be accurate, intelligence must be objective. It must be free from any political or other constraint and must not be distorted by pressure to conform with the positions held by higher levels of leadership.
Processing
The collection stage of the intelligence process typically yields large amounts of unfiltered data, which requires organization.
Resources are devoted to the synthesis of this data into a form intelligence analysts can use.
Information filtering techniques include exploiting open source intel; decoding messages and translating broadcasts; reducing logs to meaningful measures; integrating data from multiple sources; organizing for trends, patterns, tendencies; preparing information for computer processing; storage and retrieval; and placing human-source reports into a form and context to make them more comprehensible.
• Consider other judgments
• Use outside experts
Usability. Intelligence must be tailored to the specific needs of leadership and provided in forms suitable for immediate comprehension.
Production Line? Analysis, writing, reviewing, editing, publishing
… More like collecting and interpreting incoming data and constantly reassessing how new info reorganizes and interprets the new data
… Data sharing, hypotheses sharing, interpretations and questions amongst analysts and others
This is where the real insightful cognition occurs
Cognition is a term referring to the mental processes involved in gaining knowledge and comprehension, including thinking, knowing, remembering, judging and problem-solving. These are higher-level functions of the brain and encompass language, imagination, perception and planning.
Completeness. Complete intelligence informs leadership of the possible courses of action that are available to the adversary. When justified by the available evidence, intelligence must forecast future adversary actions and intentions.
Analysis
The fourth stage of the intelligence cycle involves converting basic information into finished documentation.
Integrating, evaluating, and analyzing all available data, which is often fragmented and even contradictory, and distilling it into the final intelligence products, which highlight information on topics of immediate importance or make long-range assessments.
Analysts, who are subject-matter specialists, absorb incoming information, evaluate it, produce an assessment of the current state of affairs within an assigned field or substantive area, then forecast future trends or outcomes.
They integrate data into a coherent whole, put the evaluated information in context, and produce finished intelligence that includes assessments of events and judgments about the implications of the information.
• Collective responsibility for judgments
• Candidly admit mistakes
Relevance. Intelligence must be relevant to the planning and execution
Analysis Finished Intelligence
Synthesized raw information
Collected from multiple sources
Interpreted the meaning of the info in the context of your leadership's concerns and needs
Dissemination
When information has been reviewed, processed, correlated, analyzed, peer reviewed, and re-analyzed with data from other available sources, it is called finished intelligence.
Disseminated directly to the same leadership whose initial needs generated the priority intelligence requirements.
Finished intelligence is hand-carried to the organizational leadership on a daily basis.
Leadership then makes decisions based on this information.
These decisions may lead to requests for further examination, thus triggering the intelligence cycle again.
Timely – Accurate – Usable – Complete – Relevant
Recommendations – Opportunities - Actionable
Five Categories of Finished Intel
Current Intelligence
Addresses day-to-day events.
Estimative Intelligence
Looks forward to assess potential developments that could affect organizational security.
Warning Intelligence
Sounds an alarm or gives notice to leadership. It suggests urgency and implies the potential need to respond with policy action.
Research Intelligence
Research supports both current and estimative intelligence and is divided into two specialized subcategories:
Basic intelligence
Primarily consists of the structured collection of technical, geographic, demographic, social, and political data on adversaries
Intelligence for operational support
Tailored, focused, and rapidly produced intelligence for planners and operators that incorporates all types of intelligence production: current, estimative, warning, research, and scientific and technical.
Scientific and Technical Intelligence
Includes an examination of the technical development, characteristics, performance, and capabilities of foreign
Inputs, Processes, and Outputs
Summary
Cyber Intel – Cyber Espionage – Unified and understood taxonomy
Personality types to fit the roles and lifecycle
Organizational structure based upon the process – the lifecycle
Types of finished intel
The flow
jbardin@treadstone71.com
www.treadstone71.com
888.714.0071