Back

Applied Threat Analysis

---

95-889

Units: 6

Description

The role of Cyber Threat Analysts is to aggregate and fuse disparate data sources to provide actionable information to decision makers in industry as well as both the federal and civilian government. More and more these sectors are relying on analysts who have a deep understanding of the ecosystem and the risks contained therein to better understand the cyber threats that they are facing. This course seeks to provide a richer context and a basis for understanding the evolving nature of cyber threats. This class will discuss the relationship between vulnerabilities, exploits, and malware. In addition this class will also explore the value of host based or network indicators and other indicators of compromise. Finally we will discuss the continuum of threat actors and why sometimes the greatest threat is from within.

Learning Outcomes

1. Understanding Cyber Threat Ecosystem:

   • Develop a comprehensive understanding of the cyber threat landscape, including the different types of threats and actors involved.
   • Identify the key components of the cyber threat ecosystem and their interrelationships.

2. Data Aggregation and Fusion:

   • Learn techniques to aggregate and fuse disparate data sources effectively.
   • Analyze real-world scenarios to practice data fusion for providing actionable information.

3. Threat Intelligence Analysis:

   • Gain proficiency in analyzing and interpreting threat intelligence data.
   • Understand how to transform raw data into actionable insights for decision-makers.

4. Vulnerabilities, Exploits, and Malware:

   • Explore the relationship between vulnerabilities, exploits, and malware.
   • Learn how to identify and assess vulnerabilities and their potential impact.

5. Indicators of Compromise (IoCs):

   • Examine the value of host-based and network indicators of compromise.
   • Learn how to identify and use IoCs to detect and respond to cyber threats.

6. Threat Actor Profiling:

   • Understand the different types of threat actors, from nation-states to insider threats.
   • Analyze the motivations, tactics, and techniques of various threat actors.

7. Risk Assessment and Mitigation:

   • Develop skills to assess the level of risk posed by specific cyber threats.
   • Explore strategies and best practices for mitigating and managing cyber risks.

8. Incident Response:

   • Gain insights into the incident response process and how to handle cybersecurity incidents effectively.
   • Learn to create incident response plans and execute them in a real-world context.

9. Policy and Compliance:

   • Understand the regulatory and compliance requirements relevant to cybersecurity.
   • Learn to align cyber threat analysis with industry and government regulations.

10. Communication and Reporting:

    • Improve communication skills to convey complex technical information to non-technical stakeholders.
    • Develop the ability to produce concise and actionable reports for decision-makers.

11. Ethical and Legal Considerations:

    • Gain awareness of ethical considerations and legal responsibilities in the field of cyber threat analysis.
    • Learn about the ethical dilemmas and compliance requirements associated with threat analysis.

12. Hands-On Experience:

    • Gain practical experience through labs, simulations, or real-world case studies.
    • Apply the knowledge acquired in the course to solve practical problems in the field.

These learning objectives should help students acquire the necessary knowledge and skills to become proficient Cyber Threat Analysts and contribute effectively to decision-making in both industry and government contexts.

Prerequisites Description

1. Basic Cybersecurity Knowledge: Participants should have a fundamental understanding of cybersecurity concepts, including terminology, principles, and common threats. They should be familiar with concepts like malware, hacking, and cybersecurity best practices.

2. Networking Fundamentals: An understanding of basic networking concepts, protocols, and technologies is essential. This knowledge provides the foundation for understanding network-based threats and indicators of compromise.

3. Operating System Knowledge: Proficiency in common operating systems (e.g., Windows, Linux, macOS) is important. Participants should be able to navigate and configure these systems.

4. Information Security Fundamentals: Familiarity with concepts such as encryption, authentication, access control, and security policies is beneficial.

5. Programming and Scripting Skills: Basic programming and scripting skills (e.g., Python) are useful for automating tasks and analyzing data. Many cyber threat analysis tasks involve working with data, so scripting abilities can be valuable.

6. Risk Management and Compliance: A foundational understanding of risk management principles and compliance requirements can be beneficial for grasping the importance of risk assessment and mitigation in cybersecurity.

7. Security Tools and Technologies: Familiarity with common security tools and technologies used in threat analysis, such as intrusion detection systems (IDS), intrusion prevention systems (IPS), antivirus software, and firewalls, is helpful.

8. Critical Thinking and Problem-Solving: Cyber threat analysis often involves complex problem-solving. Participants should have strong critical thinking skills and the ability to analyze situations, make informed decisions, and adapt to evolving threats.

9. Ethical and Legal Awareness: Awareness of ethical considerations and legal implications in the cybersecurity field is important. Participants should understand the legal and ethical responsibilities associated with handling cybersecurity incidents and data.

10. Communication Skills: Effective communication skills, both written and verbal, are crucial. Participants should be able to convey technical information to non-technical stakeholders and produce clear and actionable reports.

Syllabus

• Syllabus (Timur Snoke - S24)