1.2 Introduction to the Intelligence Lifecycle

00:00

Hello. This is Lisa British. Welcome again to the advance of Cyber Threat Intelligence Course. This is the second part off the introduction

00:09

fully dedicated to the intelligence life cycle.

00:12

In this video, we will learn the files of he behind using the intelligence cycle in order to build and organize the advance of Cyber Threat Intelligence Course we will learn what is intelligence cycle,

00:25

then the different steps off the intelligence cycle. And why are we even introduced on this cycle

00:32

in cyber threat intelligence context?

00:36

So let me ask a quick question. Do you think the intelligence cycle was created for cyber threat intelligence context?

00:45

The answer is false.

00:52

The traditional intelligence cycle was built for government and military context, like multiple cyber threat intelligence concepts.

01:03

Before introducing the intelligence cycle, I want to emphasize that data is different from intelligence

01:11

and through the whole course, we mean by intelligence. The results off analyzes and data the results off collection.

01:22

Now let's move to our main focus off this video. The intelligence life cycle. According to the Federation off American Scientists, the intelligence cycle is the process off development row information in to finish it intelligence for policymakers to use in decision making and action.

01:41

So basically, the intelligence cycle

01:44

is an effective way off process and information and turning it into a relevant and actionable intelligence. The intelligence cycle is also called the intelligence process by the US Department of Defense and there any form it surfaces.

02:01

The intelligence cycle is made of five steps

02:05

starting from the planning and direction, then the collection off data, then processing, then analyzes and protection, and finally, the dissemination.

02:16

So let's start with the first phase off the intelligence cycle, planning and direction. This face involves setting goals for the Threat Intelligence program. It is the beginning envy. End of the cycle

02:31

beginning because it consists off defining the requirements for the collection. Face

02:38

the end because finish it intelligence will support decision makers in order to make new requirements.

02:46

Thesis, step planning and direction also includes seven priorities.

02:53

The second phase is collection

02:57

in response to the requirements. The collection is the gathering off data needed to produce a Finnish intelligence that will be used to provide enough context so actions can be taken.

03:12

Gathering data can procure from very different off sources like, for example, logs from the internal i T infrastructure. It can be firewall logs, I PS logs and point clogs, et cetera.

03:27

Thread that defeats from the industry. You can automate receiving feeds from, ah, different paid or public free sources and bubble publicly available information that can be reports, forums, um bastes,

03:46

social media,

03:47

et cetera. Keep in mind that the data collected will be a combination off finish. It'd intelligence like reports and row data like logs or malware signatures. The third phase is processing. Processing

04:05

is the transformation of collected data

04:09

into a format that will be usable by the organization.

04:14

In some cases, collecting data from different sources requires different ways off process in to get a normalized set of information.

04:24

Technically, processing will require extracting IOC's or indicators off compromise from threat reports, e mails or threat feats.

04:34

If you don't know the term IOC's or indicators off compromise, I highly recommend you to go back to the course. In true to the Cyber Threat Intelligence.

04:46

The fourth step is analyzes and production.

04:49

This phase involves the evaluation and enrichment off the processes information in order to understand it.

04:57

The analysis face is all about thinking about the information collected and apply in different lenses in order to the drive, meaning

05:08

this face concludes by drawing conclusion

05:12

from the available information and providing assessment in the form off advice or recommendations.

05:20

The final phase is dissemination.

05:24

Dissemination involves getting the Finnish intelligence and assessment distributed to the appropriate at the audience.

05:32

This includes the frequency off providing this output.

05:38

I know that you know the intelligence cycle and it's the steps why I re particularly interested in introducing vis cycle in city I context

05:48

to answer this question. There is this diagram created by recorded future that I really like.

05:57

It explains how intelligence cycle can be not on Lee. Apply it to the traditional intelligence but also in a cyber threat intelligence environment. For this reason, we wanted to build and organize our course. Basically inspired by this cycle

06:15

in order to make each of the module

06:17

be ecological continuation off the previous wants.

06:24

Now I will summarize what we've seen so far in this video.

06:29

We started by defining what is the intelligence cycle. Then we've learned of the different steps off the intelligence cycle

06:41

and finally we explain it how this process can also be applied in cyber threat, intelligence, environment and how we were inspired by the intelligence cycle in order to make our course.

06:55

I hope you like this video and the full introduction to this course. In the next video, we'll start the first module data collection.