This course provides tradecraft training along the intelligence lifecycle including collection methods, techniques, planning, PIRs, and collection tools and targeting. Intelligence production methods and process flows are covered as well as evidence credibility, reliability, denial and deception, and confidence levels.
Students are required to demonstrate understanding and use structured analytic techniques as well as various types of analysis including synthesis and fusion of data and information into actionable intelligence. The class covers methods of adapting TTPs and IoCs for hunt and detect and interfaces to incident response.
The course includes case studies covering adversary campaign research and analysis, historical trending, and passive adversary collection. Students will be instructed in applying analytic techniques, when and how to use analytic techniques and analytic types. Students are presented several case studies for analysis, required to use tradecraft methods, and provide written reports in standard analytic format will dissemination the reports to stakeholders.
6 day instructor led.
- Develop skills in Collection Methods and Techniques, Collection Planning, PIRs, Collection Process Flow, Collection Tools and Targeting, Alignment with Hunt and Detect Needs, Ties to CSIRT, TTPs, IoCs, Threat Intelligence, Open Source Intelligence, All-Source Intelligence, Standard Glossary and Taxonomy.
- Learn Organization, Production, and Structured Analytic Techniques, Use of Techniques, Production Management, Critical Thinking, Process Flow, Metrics, Intake forms, and templates.
- Define Types and Methods of Analysis, Decomposition, Recomposition, Methods for Fusion, Case Studies in Analysis, Cognitive Bias, Credibility and Reliability of Sources, Confidence Levels, Analysis of Competing Hypothesis, SOPs, Flow into Hunt, Detect, CSIRT, TTPs, IoCs, Inductive/Abductive/Deductive Reasoning, Historic trending and campaign analysis, Intelligence for organizational resilience.
- Participate in and demonstrate how to Identifying Your Consumers, Stakeholder Identification, and Analysis, Standing Orders from Leadership, Analytic Writing, BLUF, AIMS, Types of Reports, Product Line Mapping / Report Serialization, and Dissemination, Cyber and Threat Intelligence Program Strategic Plan, Goals, Objectives, Cyber Operations Order (Cyber OPORD).
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.