Cyber Threat Intelligence Lifecycle Assignment

Questions and Answers

PDF Questions PDF Answers

What are Intelligence Requirements (IRs) primarily considered to be?

Statements on specific data to collect

Subcategories of Collection Requirements

Factual pieces of information needed for analysis

Analytic questions we are trying to answer (correct)

In the context of cyber threat intelligence, what does Essential Elements of Information (EEIs) refer to?

General information about cyber security threats

Prioritized intelligence needs

Operational information regarding intelligence activities

Specifically collected data pieces needed to answer IRs (correct)

What is the primary purpose of Collection Requirements (CRs) in the intelligence framework?

To evaluate existing intelligence strategies

To determine how to assess operational requirements

To outline the necessary data or information to collect (correct)

To categorize intelligence into operational and programmatic

What are Priority Intelligence Requirements (PIRs) designed to denote?

Immediate and functional intelligence needs

Which organization does the scenario in the assignment focus on for developing a Collection Management Framework?

An electronics manufacturer based in Singapore

What should be selected from the drop-down menu in the PIR field for calculations made on the dashboard?

PIR 1

Which type of report is primarily needed to answer the EEI concerning cybersecurity incidents impacting banks?

Incident reports related to cybersecurity

How many EEIs can be chosen for each CR to highlight their potential answers?

Up to five EEIs

What is the primary focus for developing the Priority Intelligence Requirements (PIRs) in this context?

Enhancing cybersecurity for a Singapore-based electronics manufacturer

What is recommended as sources for open source collection regarding CRs?

Established cybersecurity vendors and reputable cyber news sources

Which step is recommended to begin the process of creating your own PIRs?

Examining the sample PIR listed as PIR 0

What should be documented when a good report is found that meets one or more CRs?

Source and report title with hyperlink

What is the row number where CR 6 should be inserted in the CR description field?

Row 7

What should Essential Elements of Information (EEIs) seek to do in relation to the PIR?

Obtain factual answers to support the PIR

How many Collection Requirements (CRs) do you need to create to support your EEIs?

At least five collection requirements

Which of the following best describes the relationship between CRs and EEIs?

CRs are often one to many EEIs

What action needs to be taken to hyperlink the title of each report after documenting it?

Select the cell and press ctrl-k

What is suggested about the sample PIR associated with banks or financial institutions?

It provides a tangible example of the collection management process.

What type of questions do EEIs generally represent?

Questions seeking factual answers

What is crucial when creating your first PIR?

It should be formulated as an analytic question.

When tasked to collect information, what is a key resource to gather data?

Publicly available reports or articles

What is the primary purpose of mapping a report to CRs?

To assess the intelligence relative to each PIR

What does a calculation error in the dashboard indicate?

A reporting gap in CRs

What action should be taken if there is a reporting gap for a specific CR?

Seek out a source or vendor for that CR

How might a CTI team utilize the information provided by the dashboard?

To understand and address collection gaps

What does the term 'deep and dark web reporting' refer to in the context of CR4?

Specific insights into threat actors targeting financial institutions

What must be done after completing the workflow for both PIRs?

Save a copy of the work with your surname in the title

Why is a collection management process necessary for a CTI team?

To adapt to changing stakeholder intelligence needs and threats

What might happen if EEI 0.6 cannot be answered?

The team's intelligence assessment may be compromised

Study Notes

Cyber Threat Intelligence Lifecycle Assignment

• Assignment goal: Develop a Collection Management Framework for a Singapore-based electronics manufacturer

• Key elements of the framework:

  • Priority Intelligence Requirements (PIRs): Analytic questions of interest to the organization's cybersecurity
  • Essential Elements of Information (EEIs): Factual questions seeking answers to the PIRs
  • Collection Requirements (CRs): Statements on the specific information or data needed to fulfill EEIs

• Steps for creating a Collection Management Framework:

  • PIRs: Develop at least two PIRs relevant to the company's cybersecurity.
  • EEIs: Create five EEIs for each PIR, seeking specific factual answers.
  • CRs: Create at least five CRs for each PIR, identifying the types of data or reports needed to address EEIs.
  • Open Source Collection: Collect at least three publicly available reports or articles that answer one or more CRs.

• Process Flow:

  • Phase 1: Develop PIRs, EEIs, and CRs using the provided Excel model.
  • Phase 2: Collect open source reports answering CRs, document sources, and link reports to their corresponding CRs.
  • Phase 3: Analyze the completed framework using the Collection Management Dashboard for reporting biases and collection gaps.

• Important Notes:

  • Data Cascade: The Excel model automatically cascades data into the Dashboard.
  • Reporting Gaps: Cells with calculation errors signal missing information needed to answer specific CRs.
  • Collection Focus: Emphasize using established cybersecurity sources for reliable information.

• Submission: Save a copy of the completed framework as a new file named with your surname.

Description

This assignment focuses on developing a Collection Management Framework tailored for a Singapore-based electronics manufacturer. It requires constructing Priority Intelligence Requirements (PIRs), Essential Elements of Information (EEIs), and Collection Requirements (CRs) that are crucial for enhancing the company's cybersecurity measures.