Building an Effective Cyber
Intel Program

Treadstone 71 LLC©
What is Cyber Intelligence?
The product resulting from the collection, evaluation, analysis, integration, and interpretati...
Personality Types
















ISTJ
Decide logically what should be done and work toward it
steadily, regardles...
Planning
 What issues need to be addressed?
 What information must be gathered?
 We begin by examining finished
intelli...
Collection - Gathering
 This stage covers the
acquisition of raw information.
 Information can be gathered
from open, co...
Processing
 The collection stage of the intelligence process typically yields large
amounts of unfiltered data, which req...
Cognition a term referring to
Production Line? isprocesses involved
the mental

 Analysis writing
 Reviewing
 Editing
...
Analysis
 The fourth stage of the intelligence cycle involves converting basic information into
finished documentation.
...
Analysis
 Finished Intelligence
 Synthesized raw
information
 Collected from multiple
sources
 Interpreted the
meaning...
Dissemination
 When information has been reviewed, processed,
correlated, analyzed, peer reviewed, re-analyzed
with data ...
Five Categories of Finished Intel
 Current Intelligence

Addresses day-to-day events.
 Estimative Intelligence

Looks ...
Inputs, Processes, and Outputs
Inputs, Processes, and Outputs
Summary







Cyber Intel – Cyber Espionage – Unified and understood taxonomy
Personality types to fit the roles an...
jbardin@treadstone71.com
www.treadstone71.com
888.714.0071
Upcoming SlideShare
Loading in …5
×

Building an Effective Cyber Intelligence Program

880 views

Published on

Published in: Technology, Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
880
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
48
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Building an Effective Cyber Intelligence Program

  1. 1. Building an Effective Cyber Intel Program Treadstone 71 LLC©
  2. 2. What is Cyber Intelligence? The product resulting from the collection, evaluation, analysis, integration, and interpretation of all available cyber and internet information that concerns one or more aspects of adversaries or of areas of operation. Immediately or potentially significant to planning, policies, decisions and courses of action.  Cyber = any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet and any matter relating to, or involving the use of, computers or computer networks.  Cyber espionage (also spelled cyberespionage) involves the unauthorized probing to test a target computer’s configuration or evaluate its system defenses, or the unauthorized viewing and copying of data files.  Cyber espionage uses computer or related systems to collect intelligence or enable certain operations, whether in cyberspace or the real world.
  3. 3. Personality Types         ISTJ Decide logically what should be done and work toward it steadily, regardless of distractions. Take pleasure in making everything orderly and organized. ISFJ Thorough, painstaking, and accurate. Strive to create an orderly and harmonious environment at work and at home. INFJ Seek meaning and connection in ideas, relationships, and material possessions. Want to understand what motivates people and are insightful about others. INTJ Quickly see patterns in external events and develop longrange explanatory perspectives. Skeptical and independent. ISTP Analyze what makes things work and readily get through large amounts of data to isolate the core of practical problems. Interested in cause and effect, organize facts using logical principles, value efficiency ISFP Like to have their own space and to work within their own time frame. Dislike disagreements and conflicts, do not force their opinions or values on others. INFP Curious, quick to see possibilities, can be catalysts for implementing ideas. Seek to understand people and to help them fulfill their potential. INTP Seek to develop logical explanations. Have unusual ability to focus in depth to solve problems in their area of interest. Skeptical, sometimes critical, always analytical.         ESTP Theories and conceptual explanations bore them – want to act energetically to solve the problem. Learn best thru doing. ESFP Bring common sense & a realistic approach to their work, and make work fun. Learn best by trying a new skill with other people. ENFP Make connections between events/information very quickly, and confidently proceed based on the patterns they see. ENTP Resourceful in solving new/challenging problems. Adept at generating conceptual possibilities and then analyzing them strategically. Good at reading other people. Bored by routine. ESTJ Organize projects/people to get things done, focus on getting results most efficiently. Take care of routine details. Have a clear set of logical standards, systematically follow them ESFJ Like to work with others to complete tasks accurately and on time. ENFJ Find potential in everyone, want to help others fulfill their potential. Sociable, facilitate others in a group, and provide inspiring leadership. ENTJ Quickly see illogical and inefficient procedures and policies, develop and implement comprehensive systems to solve organizational problems. Enjoy long-term planning and goal setting. Usually well informed, well read, enjoy expanding their knowledge and passing it on to others. Forceful in presenting their ideas
  4. 4. Planning  What issues need to be addressed?  What information must be gathered?  We begin by examining finished intelligence from previous cycles,  In this way, the end of one intelligence cycle fuels another.  What is leaderships priority intelligence requirement?  This stage depends on guidance from leadership.  Leadership initiates calls for intelligence.  Coordinate with government and private groups.  These needs then guide collection strategies and allow us to produce the appropriate intelligence products.  It must be actionable   • • • Recommendations Opportunities Focus on leadership concerns Avoid personal agendas Communicate policy (leadership) - support Timeliness. Intelligence must be available when leadership requires it. Late intelligence is as useless as no intelligence.
  5. 5. Collection - Gathering  This stage covers the acquisition of raw information.  Information can be gathered from open, covert, electronic, and satellite sources. •  Reading newspapers and magazine articles, listening to radio, and watching television broadcasts are examples of “overt” (or open) sources for us. (there is much more)  We collect with technologies feeding logs and correlating data points into information.  We can create honeypots, nets, docs for attribution.  We can collect from social networks. Intellectual Rigor Accuracy. To be accurate, intelligence must be objective. It must be free from any political or other constraint and must not be distorted by pressure to conform with the positions held by higher levels of leadership
  6. 6. Processing  The collection stage of the intelligence process typically yields large amounts of unfiltered data, which requires organization.  Resources are devoted to the synthesis of this data into a form intelligence analysts can use.  Information filtering techniques include exploiting open source intel;        • • decoding messages and translating broadcasts; reducing logs to meaningful measures; integrating data from multiple sources; organizing for trends, patterns, tendencies; preparing information for computer processing; storage and retrieval; and placing human-source reports into a form and context to make them more comprehensible Consider other judgments Use outside experts Usability. Intelligence must be tailored to the specific needs of leadership and provided in forms suitable for immediate comprehension.
  7. 7. Cognition a term referring to Production Line? isprocesses involved the mental  Analysis writing  Reviewing  Editing  Publishing in gaining knowledge and comprehension, including thinking, knowing, remembering, judging and problem-solving. These are higher-level functions of the brain and encompass language, imagination, perception and planning.  … More like collecting and interpreting incoming data and constantly reassessing how new info reorganizes and interprets the new data  … Data sharing, hypotheses sharing, interpretations and questions amongst analysts and others  This is where the real insightful cognition occurs Completeness. Complete intelligence informs leadership of the possible courses of action that are available to the adversary. When justified by the available evidence, intelligence must forecast future adversary actions and intentions.
  8. 8. Analysis  The fourth stage of the intelligence cycle involves converting basic information into finished documentation.    Integrating, evaluating, and analyzing all available data—which is often fragmented and even contradictory and distilling it into the final intelligence products highlight information on topics of immediate importance or make long-range assessments.  Analysts, who are subject-matter specialists   absorb incoming information, evaluate it, produce an assessment of the current state of affairs within an assigned field or substantive area, then forecast future trends or outcomes.  They integrate data into a coherent whole, put the evaluated information in context, and produce finished intelligence that includes assessments of events and judgments about the implications of the information. • • Collective responsibility for judgments Candidly admit mistakes Relevance. Intelligence must be relevant to the planning and execution
  9. 9. Analysis  Finished Intelligence  Synthesized raw information  Collected from multiple sources  Interpreted the meaning of the info in the context of your leaderships concerns and needs
  10. 10. Dissemination  When information has been reviewed, processed, correlated, analyzed, peer reviewed, re-analyzed with data from other available sources, it is called finished intelligence  Disseminated directly to the same leadership whose initial needs generated the priority intelligence requirements.  Finished intelligence is    Hand-carried to the organizational leadership on a daily basis. Leadership then make decisions based on this information. These decisions may lead to requests for further examination, thus triggering the intelligence cycle again. Timely – Accurate – Usable – Complete – Relevant Recommendations – Opportunities - Actionable
  11. 11. Five Categories of Finished Intel  Current Intelligence  Addresses day-to-day events.  Estimative Intelligence  Looks forward to assess potential developments that could affect organizational security.  Warning Intelligence  Sounds an alarm or gives notice to leadership. It suggests urgency and implies the potential need to respond with policy action.  Research Intelligence  Research supports both current and estimative intelligence and is divided into two specialized subcategories:  Basic intelligence  Primarily consists of the structured collection of technical, geographic, demographic, social, and political data on adversaries  Intelligence for operational support  Tailored, focused, and rapidly produced intelligence for planners and operators that incorporates all types of intelligence production-current, estimative, warning, research, and scientific and technical.  Scientific and Technical Intelligence  Includes an examination of the technical development, characteristics, performance, and capabilities of foreign
  12. 12. Inputs, Processes, and Outputs
  13. 13. Inputs, Processes, and Outputs
  14. 14. Summary       Cyber Intel – Cyber Espionage – Unified and understood taxonomy Personality types to fit the roles and lifecycle Organizational structure based upon the process – the lifecycle Types of finished intel The flow Summary
  15. 15. jbardin@treadstone71.com www.treadstone71.com 888.714.0071

×