Time
3 hours 1 minute
Difficulty
Advanced
CEU/CPE
3

Video Transcription

00:04
Speaking of confidence, the analyst
00:07
should be able to take a hard look at their own work
00:11
and makes a determination as faras the
00:15
accuracy or estimated probability as we see here about their actual output.
00:21
So Wikipedia has a nice page on this. Take a look at it,
00:26
and a little confidence
00:27
is the ability to convey doubt
00:30
about a statement of estimated probability,
00:34
meaning that there are very few instances where you can say 100% that something is correct or incorrect.
00:42
We see how this applies to nationals cure reports
00:45
with
00:46
some definitions here. High quality information for high confidence. Potter confidence means incredibly sourced implausible information,
00:55
whereas low confidence beings questionable or implausible information
00:59
risk response relies upon
01:00
these different aspect. So it's important to think about how that fits together.
01:07
How did his psychology is mentioned as part of the,
01:11
uh,
01:11
the body of knowledge as relates to analytic confidence?
01:15
And we also have this Peterson table
01:21
so the analyst can provide a rating score in these four different areas.
01:25
The task task, complexity and time pressure.
01:30
What is the rating score for this?
01:32
Was the work done too quickly and therefore has more probable errors, something to consider
01:38
the source corroboration and team collaboration factors.
01:44
Also, what affect the overall score
01:47
was a lot of assistance provided. Or were analysts working more or less on their own because they did not get the collaboration and cooperation that they were hoping for.
01:57
Also, the reliability of the source
01:59
and the expertise of the analyst to understand the material that they're looking at, how to interpret it and how to fit it into a larger narrative
02:08
and then, lastly, is the use of structured analysis techniques.
02:14
Some of the tools that we've seen in earlier sections could be relevant in these areas so that a proper methodology can be identified. And
02:23
and this can also lend more assurance to the analysts efforts.
02:30
So as the intelligence reports are produced,
02:34
they should be critically evaluated, first of all by the people who created the report.
02:38
Because there are some common areas where an analyst me
02:44
crates of mistakes.
02:46
For instance, if they've done great work in the past, they may start to gain confidence or even over confidence that the work that they're doing now or in the future
02:55
will also be just as accurate and just as high quality.
03:00
That would be what you'd expect that under ideal conditions. But
03:04
it could be that the work that was done, the past head flaws and if that's being relied upon as a basis for future analysis and future decisions, maybe that other work should be reviewed just to make sure that
03:17
it all measures up to a high level of quality for high standard of quality.
03:23
The people who consume the intelligence may also have their issues with
03:28
the value of a report,
03:30
perhaps not understanding how it fits in with other reports that have been published,
03:36
perhaps also not understanding
03:38
the amount of analysis and background tasks that were required to build this information up to a point where it could be presented as a report.
03:49
And uh, over dismissing this kind of work without doing some
03:54
low level analysis is just counterproductive behavior.
04:00
And that should be identified, hopefully at an early stage so that the problem doesn't occur.
04:06
And then there's the last item here on this list is thinking that
04:11
after looking at a report after seeing that there was an incident,
04:14
there may be a tendency then this is just a human nature problem, really.
04:17
But there may be a tendency to think that
04:21
there, this should have been correctly predicted or or these problems should have been spotted sooner. We should have seen this pattern. We should have been able to take some action before the problem got worse and caused damage.
04:33
Second guessing or hindsight, as it's as it might also be known,
04:39
is just a on aspect of how we think. Right? There's not much you can do about this.
04:45
You could look at this information with a, um, objective viewpoint or trying to be as objective as possible
04:51
and try to ask some really hard questions.
04:55
Was there really enough information to make the conclusion?
05:00
Maybe there was. Maybe there wasn't. It's gonna be a case by case basis in either case or another scenario,
05:06
so it's still something to pursue.
05:10
But it's worth mentioning that it could be an area where
05:13
an analyst could get hung up on second guessing themselves and then therefore lose confidence in their ability to produce quality work going forward.

Up Next

Advanced Cyber Threat Intelligence

The Cyber Threat Intelligence (CTI) course is taught by Cybrary SME, Dean Pompilio. It consists of 12 modules and provides a comprehensive introduction to CTI. The subject is an important one, and in addition to discussing tactics and methods, quite a bit of focus is placed on operational matters including the various CTI analyst roles.

Instructed By

Instructor Profile Image
Dean Pompilio
CEO of SteppingStone Solutions
Instructor