1
Stakeholder(s) 2.1.1.2.1
Who
1.1.3.3.2.1
Long-Term 2.1.1.2.2
Who the What
1.1.3.3.2 1.1.3.3.2.2
Stakeholder(s) are
Focus Medium-Term
6.x.x
2.1.1.2.3
Clear 1.1.3.3.2.3
Short-Term
Where
1.1.3.1 2.1.1.2
Define 5W+H
6.x.x
1.1.1 Personas 2.1.1.2.4
1.1.3.3.1.1
6.1.1.1
Measurable Identify Why
Strategic
Product / Stakeholders
Service 1.1.3.3.1
Level
1.1.3.3.1.2
Operational
2.1.1.2.5
6.x.x
6.x.x When
Correlated to Who they are
6.1.1.2 Decision(s) Good 1.1.3.1.3
6.x.x 6.x.x
Version: 0.7.24 July 2021 1.1.3
1.1.3.2
Create Profile
1.1.3.2.4
Cyber Security Focus
Stakeholders
or their focus
2.1.1.3
Level
2.1.1.3.2
Operational
6.1.4.2.2
6.1.4.x
New Intel from cases Managers
Procedures Requirements Intelligence Ingestion
Resources to 6.x.x 2.1.1.4
6.1.2.3 Format
Approaching 6.1.4.x
Level of Preparedness Call x.x 6.x.x Adjustments 1.1.6
Stakeholders Organizational Feedback Develop Criteria 1.1.6.1 2.1.2.1.3.1
5.3.2
Medium
5.x.x
Stakeholder
6.1.4.15
# of IOC Generated Tasking Management Intel Requirements
1.4.1
Estimative What Happens Next?
- How does the audience take in and absorb information?
Low Internal / 6.3.2 Production Product Portfolio Exploration
- How much time does your primary audience have to digest your product?
External LEAST VALUE/ 6.1.4.16 Adjust Immediate
EASY # of Feeds Ingested Requirements 1.4.3 2.1.3.2.2
- Should the output be a short, focused article for a senior decision maker or a longer piece with more detail that will serve a more operational audience?
Tasking Templates / Style Guides Diagnostic
6.3.3
- Is there more than one primary customer?
5.x.x 6.1.4.18 What we
Meeting # of RFI's Answered 6.4.1.1 Stop will be producing 1.4.3 2.1.3.2 2.1.3.2.3
- Is there a need to develop different products in different formats?
Intelligence Too Late Reporting Matrix SATs Reframing
5.x.x 5.x.x
- What is the appropriate language and vocabulary?
Requirements
Issue AIMS 6.1.4.18
# of Fulfilled IRs 6.4.1.2
1.5 2.1.3.2.4
- Outputs
- How many and what types of products do you need to plan for?
5.x.x
Providing On Time Analysis 2.1.3
Foresight
Value 6.1.4.18
- What exactly will be available to your end users?
# of New IRs Generated 6.4.1.3 6.4.1
What can
Management Analysis 2.1.3.2.5
Too Early Timeliness Combination Decision Support
- Does your audience need the raw data?
we do better? 1.6.1
of SATs
5.x.x 6.1.4.17
How we will Coverage
- Where and how will you store them after they are released?
Clarity 5.x.x
Summarize
# of Views 6.4.1.4
Analyse
Not at All
- Format of key message
in one 5.x.x
5.x.x
Message 6.1.4.18 1.6.2 2.1.3.3.1
- What is the likely format of the main message and its storyline?
Relevance Sentence Adapt
# of Downloads 1.6 Gaps
- How can you adapt your narrative into a format or structure the end users are accustomed to (PowerPoint, briefs, large reports, etc.)?
5.x 6.4.2.1 6.4.2 Long-Term
5.x.x
5.x.x
Quality
5.x.x
Storyline 6.1.4.19 Correct? Accuracy Collection 2.1.3.3 2.1.3.3.2
- Will the message be clearest through a map, a briefing or a report?
Brevity Control Dissemination Survey Medium-Term Tool(s) Build
- Is the customer more likely to use a hard or soft copy of a product?
Management 1.6.3
Plan Short-Term Risk Type of
- Should it be colour or black and white?
5.x.x
Security 5.x.x
6.4.3.1
Tool(s)
2.1.3.3.3
- Should the product be short or long, in paragraphs or bullets, with few or many visuals?
Timely
Fit for Purpose 6.4.3
6.4 Intelligence & How and What
we will Collect
Buy
Content 2.1.3.4
- Is it possible to capture the essence of your message in one or a few graphics?
5.x.x
Ease of 5.x.x
6.4.3.3
Relevance Define Production Skills / Knowledge
- Should your findings be summarized in an executive summary?
Tied to IRs
Assimilation 5.x.x
Threat
Relevant 5.x.x
6.4.4 Necessary Requirements 1.7 2.1.3.5.1
- Communicate Uncertainty
Actionable 2.1
Hunters
5.x.x Format Changes Expectation 1.7.1
Success Criteria
Intel cycle
- How will you communicate uncertainty in your graphics and your narrative?
Accurate RFI/Task Dialogue
- What is the best way to report and communicate on the limitations of your analysis?
5.x.x 5.x.x
6.4.5 Management 2.1.3.5 2.1.3.5.2
SOC Blue Team
5.x.x
5.x.x
6.4.6.1 Delivery (Internal AND External) Intel Model(s) Cyber Kill Chain
- Is your audience accustomed to statistical terms or do you need to use more qualitative terms to reflect on confidence and probability levels?
Pull vs What Good
Consumable Streamline Combination
- How will you differentiate between facts and assumptions?
5.x.x
IRT
5.x.x
Red Team Push looks like
of Intel Model(s)
2.1.3.5.3
Diamond Model
6.4.6
- Dissemination strategy
6.4.6.2
Workflow &
1.8.1
Update Prepare for Unexpected
- How will your end users access your outputs?
5.x.x
5.x.x Process 1.8 1.8.2.1
- How will you share and document data and methods to ensure transparency and the possibility to verify or reproduce results?
Purple Team
CSIRT / CDC .. Measures of Performance
6.4.6.3
Automate
What can Metrics 1.8.2
Standards 2.x.1.1 2.1.4.1
- Do you need to attach raw data, reference documents and other supporting evidence to your document and presentation?
5.x.x
Improve?
1.8.2.2 Dissemination Intel Gaps
- What are the protective measures you need to implement and communicate in case of sensitive information?
Forensics Management 1.8.3
Measures of Effectiveness
6.4.7.1
- Who needs to receive the final output?
5.x.x Scales 2.x.2.1
Production
Data, information, or
ACAPS - The Analysis Canvas
5.x.x Identified 6.5 1.9.3 Tracking Analytical Build
Vulnerability Roadmap & Development
Mgmt 6.5.2
Implement 2.x.2.1.3 2.1.4.3 2.1.4.3.2
1.9.4 People / Networking Access Develop
Lessons Integrations 2.x.2.1
5.x.x Skills &
Anti-Fraud Learned 1.10 Competencies 2.x.2.1.4 2.1.4.3.3
SBU
Restrictions Reference
we will find
5.8 Information
x.x 3.1.3.7 3.2.1.1.2
4.1.3.1
Categorization Analysis 3.2.2.4
Trusted Non-public
Relationships
4.1.x
Initial Access Government Entities
Cyber Kill Chain 4.1.x
4.1.3.2 Grouping
Execution 3.2.3.1
4.1.x Reporting Entity
4.1.3.3
Selection 4.1 3.2
Persistence 3.2.3.2.1
Author's knowledge
4.1.x
Collation Sources 3.2.3.2
Reporting Author of the topic
4.1.3.4
Privilege Escalation Entity Recognition
4.1.3.5
4.1.x .. 3.2.3 3.2.3.3.1
Methodology Described?
Defense Evasion Source Reliability
Structuring
4.1.3.6 3.2.3.3 3.2.3.3.2
4.1.3.8
Requirements Source Prioritized
Lateral Movement 3.2.3.4.1
4.1.x Where to
Collect From 3.2.6 To inform
4.1.3.9 Mitre Source Development
Collection 3.2.3.4 3.2.3.4.2
3.3.2.1.1 Agendas or Purpose Media/Marketing Effort
4.1.3.10 Technical
Command & Control x.x 3.3.1.1
4.3.3.2.1.1 Induction 3.3.1 Analysis 3.2.3.4.3
Sorting x.x 4.2.1.1
Process & 3.3.2.1.2 (Geo)Political
4.1.3.11 Observation Admiralty Scale Analytical
Exfiltration x.x
4.2.1 Procedures 3.3.1.2
4.3.3.2.1.2 Deduction Models
Ranking, Scoring & x.x x.x 4.2.1.2 Source / Info Evaluation 3.3.2.1.3
4.3.3.2.2
Read & Extract x.x 4.3.1.4 Collection 3.3.3.2.3 3.3.3.4.7
4.3.3.2.2.4
Exploration SAT Bottom-Up Estimative Automatic IntelOWL
Starbursting
x.x
Schematize 3.3.3.2.4
4.3.3.2.2.5 Processing
MindMaps
x.x x.x
Build Case SenseMaking 4.3.2.1
4.3.3.2.2.6
Traditional Analysis 3.3.3
Concept Maps Technology 3.3.3.3.1
Spreadsheet
4.3.2.2
4.3.3.2.2.7 x.x
Available Knowledge
Venn Analysis Re-Evaluate 3.3.3.3.2
4.3.3.1.1
4.3.2 TIP
Key Stakeholder(s) & 4.3.2.3
Intelligence Requirement(s) x.x
Past Experience System 1 Thinking 3.3.3.3
Search for Support Data Store 3.3.3.3.3
DataBase
4.3.3.2.3.1 4.3.3.1.2 4.3.2.4
Key Assumptions Check (KAC) Finding and Assessing Evidence 4.3.3.1 x.x x.x
Mental Models
Critical Thinking / Search for Evidence Top-Down 4.3 3.3.3.3.4
Ticketing / Tracking
4.3.3.2.3.2 4.3.3.1.3 Expert Judgement 4.3.2.5
Analysis
Multiple Hypothesis Generation Building an Argument x.x
Cognitive Bias
Search for Relations 3.3.3.3.5
Wiki
4.3.3.2.3.3 4.3.3.1.4
Diagnostic Reasoning Communicating your Message x.x
Mental Shotgun
"What If?" Analysis 4.3.3.2.4
Reframing SAT
4.3.3.3.1
Computer-Based tools using
4.3.3.3
Quasi-Quantitative 4.5.1
Interpretation
x.x
4.3.3.2.4.5 expert-generated data Analysis Presentation " So What?"
Classic Quadrant Crunching
Associative Memory 3.4.1.1
x.x Validity / Accuracy of
4.3.3.2.4.6 Email x.x Information
Premature Closure Premortem Analysis 4.3.3.4.1
Strategic
Data-Based Computer Tools 3.4.1
x.x x.x Source & 3.4.1.2
4.3.3.4
4.3.3.2.4.7 Blog Post Type x.x Reliability of Source
Groupthink Structured Self-Critique Empirical Analysis Operational Information Validity
4.3.3.4.2
Visualization Techniques x.x x.x 3.4.1.3
Groupthink 4.3.3.2.4.8 Article x.x Date & time
Red Hat Analysis Tactical Meet Intelligence
x.x Requirements
Availability Heuristic x.x Conversation x.x
Reported Information Technical 3.4.2.1
x.x Technology Based
Satisficing 4.3.3.2.5.1
Key Uncertainties Finder x.x Stakeholder
Analysis 3.4.2 3.4.2.2
x.x x.x Normalize Hybrid
4.3.3.2.5.2
Stakeholder's Terms x.x
Key Drivers Generation x.x x.x Format & Template
Key Takeaways BLUF / Executive Summary Detail Level 3.4.3 3.4.2.3
Recommendations x.x
x.x
4.3.3.2.6.1 Threat Level Service 3.4.6
Opportunities Incubator x.x x.x
New / remaining
Broad Threat Context Legend & Methodology
x.x Gaps
4.3.3.2.6.2 Assessment &
SWOT Analysis x.x
Estimation Language x.x
How to counteract Attachments x.x
4.3.3.2.6.3 x.x
Length
Impact Matrix Confidence x.x
4.3.3.2.6 References
Decision
x.x.x.x 4.3.3.2.6.4
Team A/B Analysis Support SAT
Decision Matrix
x.x.x.x
4.3.3.2.6.5 x.x x.x
Devil's Advocacy Terminology Clear
Force Field Analysis
x.x.x.x
4.3.3.2.6.6 x.x x.x
Multiple Pros-Cons-Faults-and-Fixes Focus Concise
Scenario
Generation
x.x x.x
Assessments & Correct
Estimative Language
x.x x.x
Customized Language
x.x
Complete
x.x
Coherent
x.x
Conversational
x.x
Cyber Kill Chain
x.x x.x
Diamond Model Models & Graphs
x.x
Mitre ATT&CK x.x.x
TLP
x.x.x
NATO 4.x
x.x.x Classification
x.x
FOUO / SBU
Compelling
x.x
x.x x.x Tear-Line
Tied to VALUE Telling a Story
x.x
Call to Action