This document provides an introduction to a training on disinformation and malign influence hosted by the Disarm Foundation in 2022. It outlines the course structure, objectives, schedule and project. The course will define cognitive security and explain how it relates to information security. It will cover topics like influence operations, narratives, behaviors and risk assessment. Participants will complete exercises after each session and work on a course project to analyze an information harm incident of their choice. The goal is to help participants understand and respond to disinformation threats.
The document provides an overview of techniques for analyzing influence and disinformation through social network analysis. It discusses how to collect Twitter data using code, create graphs of user relationships in Gephi, and analyze the graphs to identify influential users and communities. It also describes how to use tools like Botometer to investigate suspicious accounts and explore URLs and hashtags of interest found through the network analysis. Exercises guide using search terms to explore graphs created from Twitter data, identify influential users, and investigate artifacts within the networks.
The document discusses risk assessment for disinformation and malign influence operations. It covers several risk frameworks including FAIR and FullFact. FAIR involves assessing likelihood, exposure, and loss to determine risk levels. FullFact separates risk into 5 levels based on criteria like reach and urgency. The document also discusses calculating potential harms across different domains. Contributor frameworks for analyzing influence operations like ABC and ABCDE are presented. Finally, the document describes conducting a purple team exercise to evaluate risk assessment scenarios.
The document discusses cognitive security and the activities of the DISARM Foundation. It defines cognitive security as applying information security principles to misinformation, disinformation, and influence operations. It outlines the information, threat, and response landscapes relevant to cognitive security. It then describes the DISARM Foundation's work in communities, collaborations, mentoring, and research over the past year related to cognitive security and disinformation risk assessment.
This document provides guidance on data collection for analyzing disinformation and malign influence. It discusses supported analysis including threat intelligence, intelligence analysis, open-source intelligence (OSINT), and data science. It describes tactical tasks like credibility verification, network detection, and activity analysis. Toolsets are presented for data gathering from social media and the web, data storage and sharing, information sharing, and response. Methods of automated data collection using APIs and scrapers as well as manual data collection through OSINT techniques are covered. Formats for structured data like JSON, XML, and CSV are demonstrated.
The document discusses narratives and disinformation. It defines narratives as stories that people tell themselves about their identity, community, and world. Narratives are important tools that can be used strategically by those creating disinformation. The document outlines several models for understanding narratives, such as the 4D model describing how disinformation dismisses, distorts, distracts, and dismays. It also discusses ways to counter disinformation narratives, such as debunking, injecting truthful information, prebunking to inoculate against false claims, and engaging respectfully with those promoting misleading narratives. The overall document provides an overview of how narratives are used in information operations and strategies for analyzing and responding to disinformation campaigns.
The document discusses disinformation behaviors and response strategies. It describes building behavior models to understand influence chains and map the disinformation risk landscape. It then covers mitigation behaviors like developing counter-narratives and response behaviors such as prebunking, applying warning labels, and improving coordination between stakeholders. The document advocates developing response plans and counter-techniques to disrupt all phases of the "kill chain" influence model, from planning to evaluation.
The document provides an overview of the threat environment related to disinformation and malign influence. It discusses various threat components including threat actors like nation-states, disinformation entrepreneurs, and disinformation as a service companies. It also covers threat models, narratives, behaviors, tools, scales, and automation used in disinformation campaigns. The document provides examples of threat landscapes and describes components to consider, such as motivations, actors, activities, potential harms, sources, and routes of disinformation. It also discusses business aspects of the disinformation threat including markets for disinformation as a service and adjacent markets.
SJ Terp is an expert in cognitive security who has worked on disinformation response for the European Union, UNDP, and other organizations. They teach cognitive security courses focused on defending against disinformation, and research related topics including risk frameworks and countermeasure strategies. Their work emphasizes adapting information security principles and practices to address high-volume disinformation threats online.
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
This document outlines a presentation on threat hunting with Splunk. The presenter is Ken Westin, a security strategist at Splunk with over 20 years of experience in technology and security. The agenda includes an overview of threat hunting basics and data sources, examining the cyber kill chain through a hands-on attack scenario using Splunk, and advanced threat hunting techniques including machine learning. Log-in credentials are provided for access to hands-on demo environments related to the presentation.
Cyber threat intelligence: maturity and metrics | Mark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
Cyber Threat Intelligence - It's not just about the feeds | Iain Dickson
The document discusses cyber threat intelligence and how it can support defensive cyber operations. It defines cyber threat intelligence and outlines different data source types that can be used, including internal incident data and external threat intelligence. It describes the Lockheed Martin Cyber Kill Chain and Diamond Models for structuring threat information and identifying gaps. Actionable threat intelligence requires both internal and external data across the cyber kill chain phases to generate useful context. Threat intelligence can help with incident response, penetration testing, and establishing an intelligence-led defensive posture focused on the most relevant threats.
disinformation risk management: leveraging cyber security best practices to s... | Sara-Jayne Terp
This document discusses leveraging cybersecurity best practices to support cognitive security goals related to disinformation and misinformation. It outlines three layers of security - physical, cyber, and cognitive security. It then provides examples of cognitive security risk assessment and mapping the risk landscape. Next, it discusses working together to mitigate and respond to risks through proposed cognitive security operations centers. Finally, it provides a hypothetical example of conducting a country-level risk assessment and designing a response strategy. The document advocates adapting frameworks and standards from cybersecurity to help conceptualize and coordinate cognitive security challenges and responses.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ... | JamieWilliams130
This document discusses operationalizing cyber threat intelligence by emulating adversary behaviors. It explains how to take cyber threat intelligence and map behaviors to the MITRE ATT&CK framework. Specific focus is given to the "Process Doppelgänging" technique, including understanding the behavior, potential detections, and emulating the behavior. The importance of fully emulating operations and expanding emulations through tools like Caldera is also covered.
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE | MITRE - ATT&CKcon
This document provides an overview and update on the MITRE ATT&CK framework. It discusses the growth and updates made to ATT&CK in 2019, including the addition of 43 new techniques and 1 new tactic. It also previews upcoming work on implementing sub-techniques to provide more granular detail within techniques, and expanding ATT&CK to new domains like cloud computing and industrial control systems. The large community contribution to ATT&CK is also acknowledged.
The document discusses cyber threat intelligence and collaborative threat intelligence. It provides an overview of malware trends, requirements for developing threat intelligence capabilities, and principles for managing threat intelligence proactively. The document advocates for a collaborative threat intelligence framework to enable preventative response by identifying and blocking known attackers across multiple organizations through automated and real-time threat information sharing. Standards and tools discussed include IODEF, CIF and how CIF can be used to gather, identify, respond to and mitigate threats based on indicators collected from various sources.
In today’s connected world, cyber security is a topic that nobody can afford to ignore. In recent years the number and frequency of attacks on industrial devices and other critical infrastructure has risen dramatically. Recent news stories about hackers shutting down critical infrastructure have left many companies wondering if they are vulnerable to similar attacks. In this webinar we will discuss the most common security threats and unique challenges in securing industrial networks. We will introduce the current standards and share some useful resources and best practices for addressing industrial cyber security.
Key Takeaways:
1. Gain perspective regarding common security threats facing industrial networks.
2. Learn about the relevant standards governing industrial cyber security.
3. Increase understanding of some best practices for securing industrial networks.
This document discusses cyber resilience frameworks. It defines cyber resilience as the ability to continuously deliver intended outcomes despite adverse cyber events. Cyber resilience involves people, processes, technology, and facilities working together. Frameworks like NIST SP 800-160 v2, the DHS Cyber Resilience Review, and the MITRE Cyber Resiliency Engineering Framework provide guidance on implementing cyber resilience. NIST focuses on engineering systems for resilience while DHS assesses operational readiness and MITRE emphasizes anticipating, withstanding, recovering from, and adapting to cyber attacks. The document compares cybersecurity to cyber resilience and explains how the frameworks help organize concepts to improve cyber defenses.
6 Steps for Operationalizing Threat Intelligence | Sirius
The best form of defense against cyber attacks and those who perpetrate them is to know about them. Collaborative defense has become critical to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by.
Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs.
Threat intelligence sources have varying levels of relevance and context, and there are concerns about data quality and redundancy, shelf life, public/private data sharing, and threat intelligence standards. However, if processed and applied properly, threat intelligence provides a way for organizations to get the insight they need into attackers’ plans, prioritize and respond to threats, shorten the time between attack and detection, and focus staff efforts and decision-making.
View to learn:
--The difference between threat information and threat intelligence.
--Available sources of intelligence and how to determine if they apply to your business.
--Key steps for preparing to ingest threat information and turn it into intelligence.
--How to derive useful data that helps you achieve your business goals.
--Tools that are available to make collaboration easier.
The document summarizes Jisc's cyber security strategy and services. It establishes a cyber security division in 2017 to consolidate security functions. It defends against threats through incident response, investigates distributed denial of service attacks, and provides professional security services like penetration testing. It also shares threat intelligence and has a roadmap for future services around DNS, firewalls, and digital forensics.
Cyber Threat Intelligence: Who is Targeting your Information? Control Risks
This document is copyrighted material from Control Risks Group Limited pertaining to cybersecurity. It contains 15 paragraphs with each paragraph copyrighted to Control Risks Group Limited. Contact information for cybersecurity matters at Control Risks Group Limited is provided.
Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets.
Amongst others, the webinar covers:
• Top Cyber Trends for 2023
• Cyber Insurance
• Prioritization of Cyber Risk
Presenters:
Colleen Lennox
Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to Cybersecurity job openings. Colleen has 25+ years in Technical Recruiting and loves to help others find their next great job!
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Date: January 25, 2023
Tags: ISO, ISO/IEC 27032, Cybersecurity Management
YouTube video: https://youtu.be/BAAl_PI9uRc
The document discusses risk measurement in the context of disinformation and malign influence training. It begins by outlining why and what organizations aim to measure, such as the effectiveness and value of cognitive security programs. Existing monitoring and evaluation approaches are examined, including logframes commonly used to track outputs and outcomes. The document then reviews existing cognitive security measures like the UK government's RESIST framework and UNICEF's infodemic metrics. It concludes by providing suggestions for different types of performance and effectiveness metrics that can be used, as well as tools for gathering metrics like data analysis, surveys and chatbots.
The document discusses cognitive security, which involves applying information security principles to disinformation and influence operations. It defines cognitive security and compares it to cyber security. The document then outlines how to assess the information, harms, and response landscapes to understand the ecosystem and risks related to cognitive security. It proposes adapting frameworks like FAIR to conduct disinformation risk assessments and manage risks rather than artifacts. Finally, it discusses tools that can be used for response, including games, red/purple teaming, and simulations.
The document discusses cognitive security, which involves applying information security principles to disinformation and influence operations. It defines cognitive security and compares it to cyber security. The document then outlines how to assess the information, harms, and response landscapes to understand the ecosystem and risks related to cognitive security. It proposes adapting frameworks like FAIR to conduct disinformation risk assessments and manage risks rather than artifacts. Finally, it discusses tools that can be used for response, including games, red/purple teaming, and simulations.
This document provides an overview of Module 2 from a training on disinformation and malign influence. It discusses managing information, influence, and response environments. It defines key concepts like information landscapes, influence landscapes, and response landscapes. It also provides examples of building these landscapes through desk research, data analysis, and interviews. The document outlines the history of information and how different technological developments have impacted the spread of information and misinformation over time. It discusses important considerations for understanding and mapping the different groups and capabilities involved in monitoring and responding to disinformation.
The document discusses setting up a project to respond to disinformation and malign influence. It covers establishing safety protocols to avoid harming targets, responders, or other stakeholders. It also discusses organizing resources like people, evidence collection, tools, and analysis. The document recommends planning the project using a lifecycle model to identify threats and establish processes for monitoring, detection, response, recovery and learning from lessons. It provides examples like the NIST cybersecurity framework and WHO Europe's full lifecycle risk model.
The document discusses training initiatives to strengthen the fight against cybercrime. It begins by introducing "Mr. Cyberman" and his background and skills. It then defines cybercrime under South African law and discusses common types like unauthorized access, denial of service attacks, and identity theft. The remainder focuses on training recommendations, including providing basic training for all members, educating first responders, and emphasizing continuing education for experts to stay up to date on cybercrime trends and techniques.
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
The document discusses approaches to information security, risk management, and cyber resilience. It recommends taking a three-pronged approach to information security that includes awareness, technical controls, and periodic reviews. It also suggests adopting a framework for cyber risk management that is appropriate for the organization's needs and risk appetite. Finally, it outlines six key points to achieving cyber resilience: organizational readiness, situational awareness, detection, cyber defense, mitigation and containment, and recovery.
Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect me from Cyber attacks? How to create a IT Security Awareness Plan ?
The document summarizes a panel discussion on addressing leadership disconnects regarding cybersecurity in K-12 districts. The panel included district leaders and national thought leaders. Key findings from a new report on cybersecurity attitudes and actions were presented. Three main insights from the research were that an effective plan requires shared responsibility, reassessing technology management is needed given increased reliance on tech, and preparation requires increased funding to support readiness and mitigation. The panel discussed best practices for districts to develop a shared culture and healthy cybersecurity posture.
How to Build a Successful Incident Response ProgramResilient Systems
Building an incident response program can be a cumbersome task when done manually. From identifying incident types and severity to creating a response plan for each incident type, Co3 provides an easy to use, customizable solution for quickly assessing, responding to, and driving incidents to closure. Co3 customer, USA Funds, manages incidents in one tenth of the time that it took previously.
This webinar will guide security practitioners through the process of creating a basic incident response process using Co3's Security Incident Response module. Based on a list of accumulated best practices, this webinar will give team members a good start on creating a successful incident response program to use at their organization.
Our featured speakers for this timely webinar will be:
-Ted Julian, Chief Marketing Officer, Co3 Systems
-Tim Armstrong, Security Incident Response Specialist, Co3 Systems
Identity Intelligence: From Reactionary Support to Sustained EnablerDuane Blackburn
This classified briefing discusses the evolution of the Department of Defense's identity intelligence capabilities from reactive support to sustained enablers. It provides an overview of past and present biometric capabilities fielded by DoD, including mobile identification technology, portable enrollment stations, and authoritative biometric databases. It also discusses the Identity Intelligence Project Office's role in defining policy, establishing data standards, and fostering information sharing to harmonize DoD identity intelligence requirements and integration. The briefing concludes by examining potential future directions, such as increased use of biometrics at borders and emphasis on fully illuminating identities through associated attributes.
This document provides an overview of a workshop on achieving attribute-based access control (ABAC). The workshop featured several presentations on implementing ABAC from industry experts. Topics included the roadmap to implementing ABAC, how to find and use attributes, mobile API management for ABAC, and the ABAC lifecycle. The document also provides a brief summary of each presentation.
Cloud Security Solutions for Public Institutions | TX DIR Forum 2019ManagedMethods
Technology plays a role in all facets of operations in public institutions. Among the least understood is how cloud computing and security play a role in cybersecurity and safety.
Webinar: Scale up you Cyber Security Strategy WebinarBlueliv
This document outlines an agenda for a presentation on threat intelligence and cybersecurity. The presentation will introduce Blueliv, a cyber threat intelligence provider, and discuss what threat intelligence is, the different types of threat intelligence, and challenges in the field. It will also cover actionable threat intelligence, Blueliv's cyber threat intelligence platform, and how to address botnets, targeted malware, and hacktivism. Finally, it will discuss how to scale threat response capabilities and next practical steps.
This document discusses using drones and digital skills to enhance project-based learning for Generation Z students. It defines digital skills and the digital taxonomy, noting how these can engage Gen Z students who prefer visual and team-based learning. The document suggests digital skills educators should explore, like digital literacy, creativity, and safety. Tips are provided on enhancing lessons with commercial aspects and AI, while addressing the generation gap by learning from different perspectives.
This document outlines the courses taught by the author in 2021-2022 on topics related to cybersecurity, cognitive security, and sociotechnical systems thinking. It describes two courses in particular - a Sociotechnical Ethical Hacking course and a Cognitive Security course. For each course, it provides an overview of topics covered and approaches taken, which emphasize a holistic view of security that considers both technical and human aspects of systems. It also discusses the author's other related work over the past year, including research, collaborations, mentoring, and community involvement activities.
This is the presentation I shared with the Uno high School Alumni Association for the digital hygiene program for the benefit of the Uno Community. Parents, students, alumni, teachers, and friends joined the webinar last May 01, 2021.
Threat intelligence involves the collection and analysis of data about potential cybersecurity risks in order to inform an organization's security decisions and improve prevention, detection, and response capabilities. The document discusses how establishing a dedicated threat intelligence program can help organizations by providing deeper insights into emerging and strategic threats, enabling more effective allocation of security budgets. It also notes that integrating threat intelligence with security tools and orchestrating automated responses is key to realizing the full benefits of a threat intelligence practice.
Information Security vs IT - Key Roles & ResponsibilitiesKroll
Marc Brawner is a Principal with Kroll's Cyber Security & Investigations team. In this presentation to the Tennessee Bankers Association, Marc explains the key roles & responsibilities of the information security and information technology teams for increased cyber security
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
This document discusses cybersecurity awareness, vulnerabilities, and solutions. It begins by outlining threats to IoT/ICS/SCADA systems from actors like script kiddies, gray hats, black hats, and state-sponsored groups. Common threats include DDoS attacks and exploiting vulnerabilities in device access controls and software updates. The document then examines solutions like developing response and recovery plans, conducting risk assessments, implementing security controls, and obtaining external cybersecurity support. It emphasizes the importance of cybersecurity awareness training, continuous monitoring, and establishing cooperation between organizations.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
6. Disinformation/Malign Influence Training, Disarm Foundation | 2022
Course outcomes
After successfully completing the course, students will be able to:
● Elaborate how information security and cognitive security interact
● Evaluate persuasive technology at different scales
● Evaluate influence operation mechanisms and tracking techniques
● Use tools to investigate account and network-level coordinated inauthentic activities
● Understand ethical behaviour around misinformation and disinformation response and research
7. Course structure
Understand environment
1: Introduction
2: Information and response
3: Threats
Set up project
4: Project setup
5: Data collection
Manage components
6: Influence
7: Narratives
8: Behaviours
Manage risk
9: Risk assessment
10: Risk measurement
Hotwash
Module 1: Introduction
● Introductions
● Defining “cognitive security”
● Cognitive Security
Exercise: play games
8. Course schedule
DAY 1: understanding cogsec
● 9-10:30 Session 1: introduction (Exercise: play games)
● 10:30-12 Session 2: information and response (Exercise: information & response landscapes)
● 12-1 lunch
● 1-2:30 Session 3: threats (Exercise: threat landscape)
● 2:30-4 Session 4: project setup (Exercise: set up your project resources)
● 4-5:30 Session 5: data collection (Exercise: gather data for your project)
DAY 2: managing cogsec
● 9-10:30 Session 6: influence (Exercise: influence analysis)
● 10:30-12 Session 7: narratives (Exercise: narrative analysis)
● 12-1 lunch
● 1-2:30 Session 8: behaviours (Exercise: behaviour analysis)
● 2:30-4 Session 9: risk assessment (Exercise: purple team)
● 4-5:30 Session 10: risk prioritisation (Exercise: hotwash)
Each session is 55 mins taught, 30 mins exercise
10. Course project
Explore an information harm area or incident of your choice:
● Assess information, harms, and response environments
● Organise project
● Gather data
● Identify incident artifacts
● Identify narratives and behaviours
● Suggest counters
● Report out - in a format of your choice
Image: https://commons.wikimedia.org/wiki/File:Project_Management_(project_control).png
11. Start thinking about your project
Outputs
● Tweets, report, alert?
● Data science, notes, examples?
Topics
● Medical
● Disaster
● Elections
● Business
● War
Geography
● Region
● Country
● City etc
Creators
● Nationstate / criminal / insider / etc
Community
● Who is affected?
Harms
● Misinformation
● Disinformation
● Conspiracies
● Rumours
Channels
● Social media
● URLs
● Offline
16. Cognitive Security: both of them
“Cognitive Security is the application of artificial intelligence technologies, modeled on human thought processes, to detect security threats.” - XTN
MLSec - machine learning in infosec
● ML used in attacks on information systems
● ML used to defend information systems
● Attacking ML systems and algorithms
● “Adversarial AI”
“Cognitive Security (COGSEC) refers to practices, methodologies, and efforts made to defend against social engineering attempts‒intentional and unintentional manipulations of and disruptions to cognition and sensemaking” - cogsec.org
CogSec - social engineering at scale
● Manipulation of individual beliefs, belonging, etc
● Manipulation of human communities
● “Adversarial cognition”
17. Social Engineering: both of them
“the use of centralized planning in an attempt to manage social change and regulate the future development and behavior of a society.”
● Mass manipulation etc
“the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”
● Phishing etc
18. Cognitive Security: Information Security applied to disinformation+
“Cognitive security is the application of information security principles, practices, and tools to misinformation, disinformation, and influence operations.
It takes a socio-technical lens to high-volume, high-velocity, and high-variety forms of “something is wrong on the internet”.
Cognitive security can be seen as a holistic view of disinformation from a security practitioner’s perspective
51. Using games to prepare your responses
Learning game
● fun experience that teaches you something
● Useful for training large numbers of people simultaneously
Red team / Purple team
● test an organisation’s defences by thinking like a bad guy
● Useful for finding system vulnerabilities, and predicting future moves
Tabletop exercise
● key people responding to a simulated event
● Useful for creating cohesive teams. Often large scale
Simulation
● imitation of processes and environment
● Useful for “what if” automated tests
53. Assessing a game: look for…
Coverage
● Who is this designed for?
● Public, influencers, media etc
● Techniques covered
● Harms covered
● rumours, misinformation, disinformation, conspiracy theories etc
● Variants, e.g. languages / countries
Viewpoint
● Whose point of view are you playing from?
● Do you “break it then fix it”?
Outcomes
● What did you learn from the game?
● What are the rewards from the game?
Continuation
● Where does it suggest you go or do next?
● Would you recommend it to your friends?
54. A sampling of disinformation games

| Game | Point of view | Audience | Creator |
|---|---|---|---|
| Bad News Game, Harmony Square, Go Viral | Creator | Public | DROG |
| News Hero | Media | Public | NATO stratcom |
| Cranky Uncle | Family member | Public | Monash uni |
| Disinformation Diaries | Politician | Political staff | Alliance of dems |
| Learn2Discern | Media | Public | Ukraine |
| Fakey | Fact checker | Public | Uni of Indiana |
55. Other disinformation games
Online games
● Fake News: the game https://www.rand.org/research/projects/truth-decay/fighting-disinformation/search/items/fake-news-the-game.html
● Checkology misinformation practice (e.g. https://checkology.org/lessons/teacher/163/elements/2471)
● Polititruth https://www.cinqmarsmedia.com/politifact/index.html (Politifact, Tinder-style)
● BBC iReporter https://www.bbc.co.uk/news/resources/idt-8760dd58-84f9-4c98-ade2-590562670096
● Digital Compass https://www.gamesforchange.org/game/digital-compass/
● The Republia Times https://www.gamesforchange.org/game/the-republia-times/
● Interland https://beinternetawesome.withgoogle.com/en_us/interland
● Propaganda Game https://propagandagame.org/
● Factitious http://factitious.augamestudio.com/#/
● Hindsight2020 https://www.hindsight2020.eu/
Card games
● Fake News
● Paladone
56. Assessing a game: look for…
Coverage
● Who is this designed for?
● Public, influencers, media etc
● Techniques covered
● Harms covered
● rumours, misinformation, disinformation, conspiracy theories etc
● Variants, e.g. languages / countries
Viewpoint
● Whose point of view are you playing from?
● Do you “break it then fix it”?
Outcomes
● What did you learn from the game?
● What are the rewards from the game?
Continuation
● Where does it suggest you go or do next?
● Would you recommend it to your friends?