Cyber Threat Intelligence

Learn all about Cyber Threat Intelligence with great free learning resources on the Upskilld Cyber Learning Library.

Cyber Threat Intelligence

Provided by Randolph H Pherson

Analyst's Guide to Indicators

From the publisher - Analyst’s Guide to Indicators provides definitions for different types of indicators, reviews when best to use them, suggests several techniques for generating and validating them, shows optimal ways to present them, and describes how indicators add value to your analysis. The Guide treats evaluative and descriptive indicators most often used by medical professionals and law enforcement analysts and warning and estimative indicators commonly used in the intelligence community and the business world separately.

Cyber Threat Intelligence

Provided by U.S. Intelligence Careers

How Intelligence Works - The Intelligence Cycle

From the US government Intelligence Careers website. The Intelligence Community is responsible for supplying accurate and usable information to those who make national security decisions. Generating reliable, accurate intelligence is an active, never-ending process commonly referred to as the intelligence cycle. Explore what goes into each step of the process.

Cyber Threat Intelligence, Industrial Control Systems and Operational Technology

Provided by Dragos Inc

Industrial Control Threat Intelligence Whitepaper

A whitepaper on cyber threat intelligence for industrial control system environments by Sergio Caltagirone of Dragos Inc.

Cyber Threat Intelligence

Provided by CIA - Center for the Study of Intelligence

Psychology of Intelligence Analysis

Published by the CIA, this book by Richards J. Heuer, Jr. is recommended for anyone interested in intelligence. Although it is focused on the broader field of intelligence analysis (rather than cyber threat intelligence specifically), the concepts are still very applicable.

Cyber Threat Intelligence

Provided by CIA - Center for the Study of Intelligence

Sherman Kent and the Profession of Intelligence Analysis

Sherman Kent is often described as "the father of intelligence analysis". This paper includes an overview of Kent's analytic doctrine: 'Focus on Policymaker Concerns', 'Avoidance of a Personal Policy Agenda', 'Intellectual Rigor', 'Conscious Effort to Avoid Analytic Biases', 'Willingness to Consider Other Judgments', 'Systematic Use of Outside Experts', 'Collective Responsibility for Judgment', 'Effective communication of policy-support information and judgments', 'Candid Admission of Mistakes'.

Cyber Threat Intelligence

Provided by Randolph H. Pherson and Richards J. Heuer Jr.

Structured Analytic Techniques for Intelligence Analysis

This book describes a range of structured analytic techniques that can be applied to intelligence analysis.

Cyber Threat Intelligence, Network Defense

Provided by Chris Sanders

The Cuckoo’s Egg Decompiled Course

In the 1980s, Cliff Stoll discovered a $0.75 accounting error on the computer systems he managed at Lawrence Berkeley Laboratory. This small discovery would eventually lead him on the year-long pursuit of a group of five KGB-sponsored hackers who managed to access numerous US government and military networks. His story has inspired countless people to pursue the profession of information security. The Cuckoo’s Egg Decompiled is a free online course designed to provide an introduction to information security, as told through the lens of Cliff Stoll’s “The Cuckoo’s Egg” book.

Cyber Threat Intelligence

Provided by Active Response

The Diamond Model of Intrusion Analysis [PDF]

This paper sets out a foundational approach to conducting cyber threat intelligence analysis. The Diamond Model is widely used and referenced across the industry. It was written by Sergio Caltagirone, Andrew Pendergast and Christopher Betz. Abstract Excerpt: This paper presents a novel model of intrusion analysis built by analysts, derived from years of experience, asking the simple question, “What is the underlying method to our work?” The model establishes the basic atomic element of any intrusion activity, the event, composed of four core features: adversary, infrastructure, capability, and victim. These features are edge-connected representing their underlying relationships and arranged in the shape of a diamond, giving the model its name: the Diamond Model.

Cyber Threat Intelligence

Provided by Mandiant

The Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework

The Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework has three primary goals: empower organizations to identify areas for team or individual growth, determine appropriate development roadmaps, and align internal, external, or on-the-job training opportunities to ensure CTI skills progression; provide a guidepost for aspirant CTI analysts to tailor their studies; assist network defenders in understanding the roles and responsibilities of a CTI analyst to improve collaboration between disciplines. The framework groups competencies into four foundational pillars: Problem Solving, Professional Effectiveness, Technical Literacy, and Cyber Threat Proficiency. Each competency is then broken out into one or more series of skills with some competencies more prescriptive than others.