Hello and welcome to the fourth module in the Advanced Cyber Threat Intelligence Course. In this module, we're going to be thinking about strategic threat intelligence analysis, strategic meaning the longest time frame of the organization's analysis efforts. As we talked about in previous sections, there is a tactical and operational time frame to consider. Strategic might be thought of as the big picture, trying to understand how these other efforts build up the capability to understand things like when campaigns are underway, and how this, for instance, affects the organization as it moves forward through the various challenges on a, you know, month-to-month, year-to-year basis.

One of the biggest challenges for the analyst, anyway, is trying to understand how their own mind may betray them.
There are lots of ways where human thinking can give us some tremendous advantages, you know, as far as how we've evolved over time to where we are now. But some of those same abilities that our brains have can also work against us. So we're going to explore some of the biases that our thinking can generate and hopefully identify ways to understand when this is happening and why it might be happening, and also consider some methods to circumvent these problems.
These could be in the form of logical fallacies, cognitive biases, errors in logical thinking. These are all areas where the analyst needs to be very careful. Trying to pay attention to critical thinking skills will certainly help, because this means that the analyst is looking more at evidence and facts and trying to draw a more objective conclusion based on the information that's right in front of them. If you can completely remove emotion from the analysis, that serves everyone's purposes much better, so we'll take a little bit deeper look into that and see what you think about how your own brain might be playing tricks on you occasionally and giving you a sense of intuition that could turn out to be incorrect.

So beyond these mental considerations, we also have to think about the concept of attribution: in the case of malware, in the case of a new incident or attack, attribution in the case of a campaign or advanced persistent threat. This is a tricky business, for sure, and as we'll see, there's sometimes doubt as to the certainty of an attribution being done correctly or having enough conclusive evidence. When it involves a nation state, this is especially critical to get correct, or get as close to correct as possible, because there are big geopolitical considerations in those instances, and intelligence information of this type has to be presented very carefully so that there is solid reasoning behind a conclusion of that type.

Historical evidence from previous analyses can certainly be useful. It could be useful in an attribution sense, or maybe in a methodology sense. It could also, again, work against you when the conclusions of previous analyses pointed in the wrong direction. That would be interesting to study as a method of quality control or quality assurance: to look at previous work to see, did that assumption pan out? Was it correct? Were there errors that were made, and if there were errors, what were they, and how do we identify those situations again so that we can prevent the errors from happening during current and future analysis?
The generation and consumption of this kind of reporting also has to be considered very carefully, as I've touched on previously in different sections. There always has to be an understanding of the intended audience. On the flip side of that, as a consumer of intelligence, you would also be looking for consistency and a positive look and feel to the information that's being presented. So let's get started.