Building Cyber Threat Intelligence Capabilities

Promoting Cyber Security and protecting organizations from cyber threats and attacks one at a time

What you'll learn

Know and understand the basic concepts behind building a Cyber Threat Intelligence Team and its operations.

Discuss the key concepts behind Cyber-Threat Intelligence, including its benefits and capabilities and how these can be used to complement an organization.

Understand how Cyber Threat Intelligence can complement and interact with other business units.

Scope the implementation of Cyber Threat Intelligence activities based on organizational priorities, requirements and existing resources and capabilities.

Proactively identify emerging cyber threats and provide mitigation controls and recommendations.

Provide operational support to security investigations, Incident Response, and vulnerability management teams.

Produce operational metrics to gauge the effectiveness of the Threat Intelligence Program aids your organization in reducing risk.

Create Intelligence Requirements (IRs) and supporting processes and procedures to support the day-to-day operations of your Cyber-Threat Intelligence program.

Understand key tools and technologies that can be used to automate and otherwise support the operations of the Cyber Threat Intelligence program.

Produce actionable intelligence products that can be easily consumable by various teams, stakeholders and tools.

Identify and implement appropriate Courses-of-Action based on identified threats that have been identified and also have the potential to impact an organization

Requirements

Previous experience in Information Security or Cyber-Security would be considered an asset but it is not a requirement or pre-requisite.

Description

The course aims to provide organizations, regardless of their size, with the necessary knowledge and skills to develop a customized Cyber-Threat Intelligence program that aligns with their unique needs, requirements, and budget. By following this course, participants will learn how to effectively plan, build, and operationalize such a program within their organization.The course begins by emphasizing the importance of identifying critical assets, both in terms of technology and business processes. This step is crucial because it helps organizations understand which areas of their operations are most vulnerable to cyber threats. By recognizing these crown-jewels, which refer to the most valuable and sensitive assets, organizations can prioritize their efforts in protecting them.Once the critical assets are identified, the course proceeds to teach participants how to detect cyber threats that specifically target those assets. This involves learning about various threat intelligence sources, such as open-source intelligence, dark web monitoring, and information sharing platforms. Participants will understand how to gather, analyze, and interpret threat data in order to identify potential risks and attacks.Moreover, the course emphasizes the importance of implementing appropriate controls and detection capabilities to proactively respond to cyber threats. Participants will gain insights into different security measures and technologies that can be utilized to safeguard the organization's crown-jewels. This may include intrusion detection systems, security information and event management (SIEM) solutions, endpoint protection, and other relevant tools.Importantly, the course highlights that developing a Cyber Threat Intelligence program does not have to be expensive or overly complex. Rather, the focus is on designing a program that aligns with the organization's intelligence objectives. This means tailoring the program to fit the specific needs, resources, and goals of the organization. By doing so, organizations can create an effective and efficient Cyber Threat Intelligence program that enhances their security posture without unnecessary financial burden or complexity.Overall, the course provides organizations with a comprehensive understanding of the key elements involved in establishing a tailored Cyber Threat Intelligence program. By leveraging this knowledge, organizations can better anticipate and respond to cyber threats, safeguard their critical assets, and ultimately enhance their overall security posture.

Overview

Section 1: Introduction

Lecture 1 Course Introduction

Lecture 2 Introduction to Cyber Threat Intelligence

Lecture 3 What makes a successful Cyber Threat Intelligence Program

Lecture 4 What you should know when developing a successful CTI program - Part #1

Lecture 5 What you should know when developing a successful CTI program - Part #2

Lecture 6 What you should know when developing a successful CTI program - Part #3

Lecture 7 What resources do I need

Lecture 8 Summary

Lecture 9 What is next

Section 2: Discovery

Lecture 10 Discovery - Introduction

Lecture 11 Discovery Activities

Lecture 12 Data collection - Part #1

Lecture 13 Data Collection - Part #2

Lecture 14 Data collection sample

Lecture 15 Action Items

Lecture 16 Summary

Lecture 17 What is next

Section 3: Risk Assessment and Threat Modelling

Lecture 18 Introduction - Risk assessment and threat modelling

Lecture 19 Risk assessment and threat modelling

Lecture 20 Risk and threat models by category - Part #1

Lecture 21 Risk and threat models by category - Part #2

Lecture 22 Threat Metrics

Lecture 23 Threat modelling example

Lecture 24 Action Items

Lecture 25 Summary

Lecture 26 What is Next

Section 4: Intelligence Requirements - Definition

Lecture 27 Introduction

Lecture 28 Intelligence Requirements

Lecture 29 Anatomy of a Intelligence Requirement

Lecture 30 Intelligence Requirements - Definitions

Lecture 31 Sample Intelligence Requirements

Lecture 32 Action Items

Lecture 33 Summary

Lecture 34 What is Next

Section 5: Intelligence Requirements - Collection Plans

Lecture 35 Introduction

Lecture 36 Intelligence Sources

Lecture 37 Internal Sources

Lecture 38 Open Source (OSINT)

Lecture 39 Commercial Sources

Lecture 40 Trusted Communities

Lecture 41 Collection Plans

Lecture 42 Action Plans

Lecture 43 Summary

Lecture 44 What is Next

Section 6: Intelligence Requirements - Products and SLAs

Lecture 45 Introduction

Lecture 46 Courses of Action (COAs)

Lecture 47 Service catalogue - Part #1

Lecture 48 Service catalogue - Part #2

Lecture 49 Service catalogue - Part #3

Lecture 50 Communication Plans

Lecture 51 Service Level Agreements (SLAs)

Lecture 52 Action Items

Lecture 53 Summary

Lecture 54 What is Next

Section 7: Intelligence Tools

Lecture 55 Introduction

Lecture 56 Data Collection - Part #1

Lecture 57 Data Collection - Part #2

Lecture 58 Operational Security (OPSec)

Lecture 59 Research and investigation - Pre-configured virtual machine’s and other tools

Lecture 60 Tracking systems

Lecture 61 Where are your tools going to live

Lecture 62 Actions Items

Lecture 63 Summary

Lecture 64 What is Next

Section 8: Reporting and Metrics

Lecture 65 Introduction

Lecture 66 Operational metrics - Part #1

Lecture 67 Operational metrics - Part #2

Lecture 68 Reporting - Part #1

Lecture 69 Reporting - Part #2

Lecture 70 Action Items

Lecture 71 Summary

Lecture 72 What is Next

Section 9: Executive and Stakeholder Buy-in

Lecture 73 Introduction

Lecture 74 What can CTI do for an organization

Lecture 75 Organization support for the CTI program

Lecture 76 Action Items

Lecture 77 Summary

Lecture 78 What is Next

This course is designed to enable organizations of any size to plan, build and operationalize a tailored Cyber-Threat Intelligence program based on their specific needs, requirements, and budget. Through identifying critical assets, technology and business processes, students will be able to detect cyber threats targeting your organizations crown-jewels and implement controls and detection capabilities to be able to proactively respond to these threats. Cyber Threat Intelligence programs do not need to be expensive or complex as long as they are designed to fit organizational intelligence objectives.