We found a need to assist organizations best understand the strategic functions of intelligence. Although there is some overlap in this course, the course goes into greater depth expanding well beyond traditional IT-type threat intelligence building the foundation for supporting decision-making outside of IT. There is some review for those who have taken previous Treadstone 71 courses but this course is the natural next steps in establishing a resilience, and sustainable cyber threat intelligence program. The course moves the functions and capabilities to a valid corporate asset.
Will the course offer the same types of hands-on exercises that make Treadstone 71 training the gold standard?
We deliver several hands-on exercises complete with templates and examples. Our intent is to send each student back to their corporate environments armed with the knowledge necessary to immediately enhance their existing programs or, start new programs with a foundation rooted in excellence.
| STRATEGIC ANALYSIS | ESTIMATIVE AND WARNING ANALYSIS |
| Data, Information, Knowledge and Intelligence | The Role of Warning Intelligence |
| Knowledge Generation | Key Warning Factors in Preparations |
| Explicitly versus Tacit Knowledge | What Is Warning? |
| Principles of Knowledge Management | Intentions versus Capabilities |
| Monitoring your Business Environment | The function of Warning Intelligence |
| Analysis Projects | Indicators and Indications |
| Analysis Cycle | Strategic versus Tactical Warning |
| Briefing | What is a Warning? |
| The Management Brief | Warning as an Assessment of Probabilities |
| Starting the Project | Warning as a Judgment for the Stakeholder |
| Project Brief Checklist | Indicator Lists: Compiling Indications |
| Collection Planning | Fundamentals of Indications Analysis |
| Attributes of Sources – Source-Centered Collection Plan | Compiling Indications |
| The Collection Plan | Use of Indicator Lists |
| Segmentation of Sources | Extracting Indications Data |
| Valuation of Sources | The Nature of Cyber Indicators |
| Separating Rumor from Fact | Cyber Indications and Warnings |
| Using Social Media like a Police Scanner | The Nature of Cyber Indicators |
| Monitoring and Verifying | Importance of Cyber Indicators |
| Image Verification | Indications Chronology |
| Video Verification | Specifics of the Analytical Method |
| Using the Crowd | Presumption of Surprise |
| Verification Process and Checklists | Scope of Relevant Information |
| Verification Tools | Objectivity and Realism |
| Intelligence Requirements | Need to Reach Immediate Conclusions |
| Prioritization | Inference, Deduction and Induction |
| Essential Elements of Information | Acceptance of New Data |
| Indicators | Understanding How the Adversary Thinks |
| Specific Information Requirements | Consideration of Various Hypotheses |
| Glossary and Taxonomy | How Might they Go to Cyber War? |
| Mission and Requirements Management | Order of Cyber Battle Analysis in a Crisis Situation |
| Tools to Use | Cyber Order of Battle Methods |
| Data to Collect | Analysis of Cyber Mobilization |
| Iterative and Continuous Feedback Loop | Recognition of Cyber Buildup |
| The Data Collection Plan | Preparation for Cyber Warfare |
| Executing the Plan | Key Warning Factors in Preparations |
| Collection from Friendly or Neutral Sources | The preoccupation of Leadership / Stakeholders |
| HUMINT | Cyber Readiness |
| Free-flow (Cooperation, rules, benefits, risks & issues, analysis) | Exercises for Preparation versus Cyber Deployment |
| Interviewing (Cooperation, rules, benefits, risks & issues, analysis) | Magnitude and Redundancy of Preparations |
| Sampling (Cooperation, rules, benefits, risks & issues) | Cyber Wargaming |
| Networking (Cooperation, rules, benefits, risks & issues) | What is a Cyber Wargame |
| Protecting your Sources | Why run a Cyber Wargame |
| Across Cultural Barriers | Objectives |
| Collecting from Unsuspecting Sources | Success Factors |
| Passive Collection | Common flow |
| Elicitation (Cooperation, rules, benefits, risks & issues) | Common problems in setting up and running |
| Elicitor – Qualities – Cyber Appearance | STEMPLES Plus |
| Collection from Public Domain | Social, Technical, Economic, Military, Political, Legislative, Educational, Security |
| Anatomy of OSINT | Plus (Demographic, Religion, Psychological, catchall) |
| Spelling, Singular/Plural, Acronyms, Jargon, History, Synonyms, Quasi-Synonyms | Indicators of Change as Applied to STEMPLES Plus |
| Applications of OSINT | The ambiguity of STEMPLES Plus Indicators |
| OSINT overload – Focus | A Problem of Perception |
| Collection from Images | Considerations in STEMPLES Plus Warning |
| Picture Analysis | The Relative Weight of STEMPLES Plus Factors |
| How to apply Intelligence from Image Collection | Maintaining your STEMPLES Plus Indicators of Change |
| When to do so | Isolating the Critical Facts and Indications |
| Imagery Intelligence output | Guidelines for Assessing the Meaning of Evidence |
| Collection from Things | Hofstede Principles |
| Back end collection and analysis | Hofstede as Applied to STEMPLES Plus |
| Where to apply the collection | Adversary Baseball Cards |
| When and How to apply the collection | Country, Group, Campaign, Individuals |
| Collection Outsourcing | Reconstructing the Adversary’s Decision-making Process |
| Analysis | Benching marking your adversary |
| Introduction | Adversary TTPs |
| Attributes of strategic analysis | Adversary Profiling |
| Collector – Analyst Relationship | Adversary Supply Chain |
| Collector-Analyst Differences – Corporate alignment – All as one | Skills and Education |
| Strategic Analysis Cycle | Tools and Their Application |
| Anatomy of Analysis | Principal Factors in Timing and Surprise |
| Where, who, when, why, and how | Examples of Assessing Timing |
| Pitfalls | Warning is Not a Forecast of Imminence |
| Common pitfalls in analysis | The Problem of Deception |
| Bias | Infrequency and Neglect of Deception |
| Ethnocentric | Principles, Techniques and Effectiveness of Deception |
| Wishful Thinking | Types of Deception |
| Status quo | Countering Deception |
| Herding | Judgments and Corporate Policy |
| Previous Judgments | Facts Don’t “Speak For Themselves’’ |
| Conventional wisdom | What Do Top Stakeholders Need, and Want, to Know? |
| Data and meta data | Intelligence in Support of Policy? |
| Data QA | Assessing Probabilities |
| Data processing and QC | Improving Warning Assessments |
| Data Credibility | Factors Influencing Judgments and Reporting |
| Source Validity | General Warning Principles |
| Data and Source Relevance | Most Frequent Impediments to Warning |
| Scoring Methods | |
| Data Preparation | Appendix A – FORMS |
| Managing incomplete data | Key Assumptions |
| Managing conflicting data | Indicators / Observables Matrix |
| Weighing Data | Threat Situational Awareness |
| Working with experts – | Detection Indicators – Threat and Disposition |
| Data Quantity versus Quality | Threat Type – Description – Disposition |
| Misperceiving Events | Priority Intelligence Requirements – Collection Planning |
| Premature closing | Kill Chain Phase |
| Confusing causality and correlation | Types of Analysis |
| Flawed analogies | Decomposition |
| Functions and Responsibilities | Link Analysis |
| Structured Analytic Techniques | Pattern Analysis |
| Link analysis/network charts | Trend Analysis |
| Timeline/Chronology | Technical Baseline |
| Network Analysis | Functional Baseline |
| Brainstorming | Cultural Baseline |
| Structured Brainstorming | Tendency Analysis |
| Virtual Brainstorming | Cultural Analysis |
| Nominal Group Technique | Anomaly analysis |
| Starbursting | Semiotic Analysis |
| Cross-Impact Matrix | Anticipatory Analysis |
| Morphological Analysis | Volatility Analysis |
| Quadrant Crunching | Supply Chain Analysis |
| Scenario Analysis | Recomposition |
| Mechanics of Scenario Analysis | Synthesis |
| When and why to plan | Analyst – Stakeholder Interaction |
| Success factors | Uncertainty |
| Design principles | Decision-making strategies |
| Attributes of a good scenario | Challenges |
| Flow of a Scenario Exercise | Moving towards a Trusted Advisor Role |
| Pitfalls in Scenario Analysis | Cherry picking |
| Alternative Futures Analysis | Yes Manship |
| Indicators | Groupthink |
| Indicators Validator | Compliance Mandatory – Ethics as Identity |
| Hypothesis Generation | Legislation |
| Formulation and testing | Scope of compliance and ethics in analysis |
| Theories, Forecasts | Code of ethics for strategic analysis |
| Testing | Organizing a Strategic Analysis Function |
| The Multiple Hypotheses Generator | Getting started |
| Diagnostic Reasoning | Structure after strategy |
| Analysis of Competing Hypotheses | The right structure enables efficient/effective execution |
| Argument Mapping | Centralized versus Decentralized – a comparison |
| Deception Detection | Organizing a solid team |
| Key Assumptions Check | Design principles |
| Outside In Thinking | Functional and behavioral competency building |
| Pre-Mortem Assessment | Towards a world-class strategic analysis organization |
| What If? Analysis | Five Levels of Strategic Analysis Professionalism |
| High Impact, Low Probability | Profile of an analyst |
| Devil’s Advocacy | Functional competencies |
| Force Field Analysis | Behavioral competencies |
| Maps | Measuring competencies – Competency models |
| Flow charts | Job descriptions and hiring questions |
| Frequency charts | Accountability, Key Activities, Results |
| Story boards | |
| Appendices |