Strategic Intelligence Analysis Warning Intelligence
Course Information
This course takes from the best of the intelligence community, academia, years of hands-on activities to move your cyber threat intelligence program to a sustainable model adding real value to all stakeholders. We set students up for success building a model that moves cyber threat intelligence functions to the role of trusted advisor assisting in business decision-making. The course not only educates the student but prepares the student to educate leadership, integrate into corporate business processes, while delivering timely intelligence. We help students get to the point where they really understand the challenges of corporate decision-makers using inside and outside sources.
The course is timely, contextually needed, and moves the market while establishing the cyber threat intelligence analyst as a true discipline greatly needed in all corporate environments.
How is this course different from the Certified Threat Intelligence Analyst – Cyber Intelligence Tradecraft Certification course?
We found a need to assist organizations best understand the strategic functions of intelligence. Although there is some overlap in this course, the course goes into greater depth expanding well beyond traditional IT-type threat intelligence building the foundation for supporting decision-making outside of IT. There is some review for those who have taken previous Treadstone 71 courses but this course is the natural next steps in establishing a resilience, and sustainable cyber threat intelligence program. The course moves the functions and capabilities to a valid corporate asset.
Will the course offer the same types of hands-on exercises that make Treadstone 71 training the gold standard?
We definitely deliver several hands-on exercises complete with templates and examples. Our intent is to send each student back to their corporate environments armed with the knowledge necessary to immediately enhance their existing programs or, start new programs with a foundation rooted in excellence.
| STRATEGIC ANALYSIS | WARNING Analysis |
| Data, Information, Knowledge and Intelligence | The Role of Warning Intelligence |
| Knowledge Generation | Key Warning Factors in Preparations |
| Explicitly versus Tacit Knowledge | What Is Warning? |
| Principles of Knowledge Management | Intentions versus Capabilities |
| Monitoring your Business Environment | The function of Warning Intelligence |
| Analysis Projects | Indicators and Indications |
| Analysis Cycle | Strategic versus Tactical Warning |
| Briefing | What is a Warning? |
| The Management Brief | Warning as an Assessment of Probabilities |
| Starting the Project | Warning as a Judgment for the Stakeholder |
| Project Brief Checklist | Indicator Lists: Compiling Indications |
| Collection Planning | Fundamentals of Indications Analysis |
| Attributes of Sources - Source-Centered Collection Plan | Compiling Indications |
| The Collection Plan | Use of Indicator Lists |
| Segmentation of Sources | Extracting Indications Data |
| Valuation of Sources | The Nature of Cyber Indicators |
| Separating Rumor from Fact | Cyber Indications and Warnings |
| Using Social Media like a Police Scanner | The Nature of Cyber Indicators |
| Monitoring and Verifying | Importance of Cyber Indicators |
| Image Verification | Indications Chronology |
| Video Verification | Specifics of the Analytical Method |
| Using the Crowd | Presumption of Surprise |
| Verification Process and Checklists | Scope of Relevant Information |
| Verification Tools | Objectivity and Realism |
| Intelligence Requirements | Need to Reach Immediate Conclusions |
| Prioritization | Inference, Deduction and Induction |
| Essential Elements of Information | Acceptance of New Data |
| Indicators | Understanding How the Adversary Thinks |
| Specific Information Requirements | Consideration of Various Hypotheses |
| Glossary and Taxonomy | How Might they Go to Cyber War? |
| Mission and Requirements Management | Order of Cyber Battle Analysis in a Crisis Situation |
| Tools to Use | Cyber Order of Battle Methods |
| Data to Collect | Analysis of Cyber Mobilization |
| Iterative and Continuous Feedback Loop | Recognition of Cyber Buildup |
| The Data Collection Plan | Preparation for Cyber Warfare |
| Executing the Plan | Key Warning Factors in Preparations |
| Collection from Friendly or Neutral Sources | The preoccupation of Leadership / Stakeholders |
| HUMINT | Cyber Readiness |
| Free-flow (Cooperation, rules, benefits, risks & issues, analysis) | Exercises for Preparation versus Cyber Deployment |
| Interviewing (Cooperation, rules, benefits, risks & issues, analysis) | Magnitude and Redundancy of Preparations |
| Sampling (Cooperation, rules, benefits, risks & issues) | Cyber Wargaming |
| Networking (Cooperation, rules, benefits, risks & issues) | What is a Cyber Wargame |
| Protecting your Sources | Why run a Cyber Wargame |
| Across Cultural Barriers | Objectives |
| Collecting from Unsuspecting Sources | Success Factors |
| Passive Collection | Common flow |
| Elicitation (Cooperation, rules, benefits, risks & issues) | Common problems in setting up and running |
| Elicitor - Qualities - Cyber Appearance | STEMPLES Plus |
| Collection from Public Domain | Social, Technical, Economic, Military, Political, Legislative, Educational, Security |
| Anatomy of OSINT | Plus (Demographic, Religion, Psychological, catchall) |
| Spelling, Singular/Plural, Acronyms, Jargon, History, Synonyms, Quasi-Synonyms | Indicators of Change as Applied to STEMPLES Plus |
| Applications of OSINT | The ambiguity of STEMPLES Plus Indicators |
| OSINT overload - Focus | A Problem of Perception |
| Collection from Images | Considerations in STEMPLES Plus Warning |
| Picture Analysis | The Relative Weight of STEMPLES Plus Factors |
| How to apply Intelligence from Image Collection | Maintaining your STEMPLES Plus Indicators of Change |
| When to do so | Isolating the Critical Facts and Indications |
| Imagery Intelligence output | Guidelines for Assessing the Meaning of Evidence |
| Collection from Things | Hofstede Principles |
| Back end collection and analysis | Hofstede as Applied to STEMPLES Plus |
| Where to apply the collection | Adversary Baseball Cards |
| When and How to apply the collection | Country, Group, Campaign, Individuals |
| Collection Outsourcing | Reconstructing the Adversary's Decision-making Process |
| Analysis | Benching marking your adversary |
| Introduction | Adversary TTPs |
| Attributes of strategic analysis | Adversary Profiling |
| Collector - Analyst Relationship | Adversary Supply Chain |
| Collector-Analyst Differences - Corporate alignment - All as one | Skills and Education |
| Strategic Analysis Cycle | Tools and Their Application |
| Anatomy of Analysis | Principal Factors in Timing and Surprise |
| Where, who, when, why, and how | Examples of Assessing Timing |
| Pitfalls | Warning is Not a Forecast of Imminence |
| Common pitfalls in analysis | The Problem of Deception |
| Bias | Infrequency and Neglect of Deception |
| Ethnocentric | Principles, Techniques and Effectiveness of Deception |
| Wishful Thinking | Types of Deception |
| Status quo | Countering Deception |
| Herding | Judgments and Corporate Policy |
| Previous Judgments | Facts Don't “Speak For Themselves’’ |
| Conventional wisdom | What Do Top Stakeholders Need, and Want, to Know? |
| Data and meta data | Intelligence in Support of Policy? |
| Data QA | Assessing Probabilities |
| Data processing and QC | Improving Warning Assessments |
| Data Credibility | Factors Influencing Judgments and Reporting |
| Source Validity | General Warning Principles |
| Data and Source Relevance | Most Frequent Impediments to Warning |
| Scoring Methods | |
| Data Preparation | |
| Managing incomplete data | |
| Managing conflicting data | |
| Weighing Data | |
| Working with experts - | |
| Data Quantity versus Quality | |
| Misperceiving Events | |
| Premature closing | |
| Confusing causality and correlation | |
| Flawed analogies | |
| Functions and Responsibilities | |
| Structured Analytic Techniques | |
| Link analysis/network charts | |
| Timeline/Chronology | |
| Network Analysis | |
| Brainstorming | |
| Structured Brainstorming | |
| Virtual Brainstorming | |
| Nominal Group Technique | |
| Starbursting | |
| Cross-Impact Matrix | |
| Morphological Analysis | |
| Quadrant Crunching | |
| Scenario Analysis | |
| Mechanics of Scenario Analysis | |
| When and why to plan | |
| Success factors | |
| Design principles | |
| Attributes of a good scenario | |
| Flow of a Scenario Exercise | |
| Pitfalls in Scenario Analysis | |
| Alternative Futures Analysis | |
| Indicators | |
| Indicators Validator | |
| Hypothesis Generation | |
| Formulation and testing | |
| Theories, Forecasts | |
| Testing | |
| The Multiple Hypotheses Generator | |
| Diagnostic Reasoning | |
| Analysis of Competing Hypotheses | |
| Argument Mapping | |
| Deception Detection | |
| Key Assumptions Check | |
| Outside In Thinking | |
| Pre-Mortem Assessment | |
| What If? Analysis | |
| High Impact, Low Probability | |
| Devil’s Advocacy | |
| Force Field Analysis | |
| Maps | |
| Flow charts | |
| Frequency charts | |
| Story boards | |
| Appendices | |
| Appendix A – FORMS | |
| Key Assumptions | |
| Indicators / Observables Matrix | |
| Threat Situational Awareness | |
| Detection Indicators – Threat and Disposition | |
| Threat Type – Description – Disposition | |
| Priority Intelligence Requirements – Collection Planning | |
| Kill Chain Phase | |
| Types of Analysis | |
| Decomposition | |
| Link Analysis | |
| Pattern Analysis | |
| Trend Analysis | |
| Technical Baseline | |
| Functional Baseline | |
| Cultural Baseline | |
| Tendency Analysis | |
| Cultural Analysis | |
| Anomaly analysis | |
| Semiotic Analysis | |
| Anticipatory Analysis | |
| Volatility Analysis | |
| Supply Chain Analysis | |
| Recomposition | |
| Synthesis | |
| Analyst - Stakeholder Interaction | |
| Uncertainty | |
| Decision-making strategies | |
| Challenges | |
| Moving towards a Trusted Advisor Role | |
| Cherry picking | |
| Yes Manship | |
| Groupthink | |
| Compliance Mandatory - Ethics as Identity | |
| Legislation | |
| Scope of compliance and ethics in analysis | |
| Code of ethics for strategic analysis | |
| Organizing a Strategic Analysis Function | |
| Getting started | |
| Structure after strategy | |
| The right structure enables efficient/effective execution | |
| Centralized versus Decentralized - a comparison | |
| Organizing a solid team | |
| Design principles | |
| Functional and behavioral competency building | |
| Towards a world-class strategic analysis organization | |
| Five Levels of Strategic Analysis Professionalism | |
| Profile of an analyst | |
| Functional competencies | |
| Behavioural competencies | |
| Measuring competencies - Competency models | |
| Job descriptions and hiring questions | |
| Accountability, Key Activities, Results |
Event Properties
| Event Date | 01-06-2021 3:00 pm |
| Event End Date | 04-22-2029 3:00 pm |
| Registration Start Date | 01-06-2021 3:00 pm |
| Capacity | 20 |
| Cut off date | 04-17-2027 3:00 pm |
| Individual Price | USD5,999.00 |
| Location | Online |
Group Rate
| #Registrants | Rate/Person (USD) |
|---|---|
| 5 | 169.00 |
| 10 | 149.00 |