This course aims to fill the gap between the technical level and the operational level that is responsible for planning cyber activity. It provides a clear comprehension of the main data you need to plan cyber events, using real samples that are well documented in open source. Based on this analysis, applying the Intel Cycle to the cyber domain, you will identify the gaps you need to fill and drive the collection phase, tasking the correct sources to gather needed information. Merging indications, analysing and sharing these data, you will transform them into a possible cyber threat situation by using a sharing platform environment.
Achieving effects through Cyberspace
Intel cycle applied to the cyber domain
Threat Actor Strategies and Victimology
Technical data gathering Information
Social media gathering information
Transforming technical data into Threat Intelligence
To acquire the essential elements of understanding the cyber domain for Intelligence purposes, identifying data useful for planning cyber activities and gaining a better understanding of the enemy’s cyber capability.
To gain confidence with the main technical data available through the network, understanding which sources could be used to collect this information, and performing a general analysis and data correlation (filter, analyse, correlate data collected).
To gain confidence with the main data available through social networks and social media, understanding which sources could be used to collect this information, performing a general analysis and data correlation (filter, analyse, correlate data collected).
To practise differentiating, merging, analysing and sharing collected data.
To practise the theoretical knowledge acquired during the week, produce, assess and share data and become more confident with events, simulating real-life conditions.
J2, J3, J5, J6 staff members, branch heads, RRT/CERT members, Cyber Threat Analysts, mediators between Tech Level and Operational level.
Basic knowledge of Windows and Linux, TCP/IP stack, social media, virtualisation product and good understanding of technical cyber vocabulary and means.
Registration opens on.. Applicants from CCDCOE member nations should use the registration code provided by their national Point of Contact.
Final confirmation about the participation will be sent after the registration deadline.
In case of any questions, please contact: [email protected]