Intelligence Architecture v0 7 42

The document outlines various brainstorming techniques and methods for stakeholder engagement, emphasizing the importance of identifying stakeholders' interests, attitudes, and impact. It includes strategies for gathering feedback, analyzing metrics, and developing communication plans. Additionally, it highlights the need for structured processes and effective communication to ensure stakeholder alignment and engagement.

Uploaded by

Rangerabhi

1.1.1.1.1.

1
Simple Brainstorming
6.1.1.1.1.1 1.1.1.1 1.1.1.1.1
Clear Identify ALL of them Exploration Techniques
1.1.1.1.1.2
Cluster Brainstorming

1.1.1.1.1.3
6.1.1.1.1.2
Circle Boarding
Measurable 1.1.1.2.1
Long-Term
6.1.1.1.1.3 6.1.1.1.1
Correlated to Decision(s) Primary (Feedback) 1.1.1.2 1.1.1.2.2
Identify Their Focus Medium-Term
6.1.1.1.1.4
Frictionless 1.1.1.2.3
Short-Term
6.1.1.1.1.5 6.1.1.1
Meaningful Standards 1.1.1.3 1.1.1.3.1
Identify Their Level Strategic
6.1.1.2

6.1.1.1.2.1
Models 1.1.1.3.2
Not only what we can count Operational
6.1.1.3
6.1.1.1.2
6.1.1.1.2.2 Secondary (Metrics) Templates 1.1.1.3.3
Value & Impact not only 1.1.1 Tactical
output 6.1.1.4 Identify Your
Guides 6.1.1
Stakeholders 1.1.1.3.4
6.1.1.1.2.3 Process & Technical 1.1.1.4.1
Aligned 6.1.1.5 Identify Their Power Stakeholders
Procedures or their focus
Policies
Changed?

6.1.1.6 Who they all are 1.1.1.4.2

Feedback & Metrics, 1.1.1.4 Identify Their Interest


Stakeholder Triage
Best Practices
1.1.1.4.3

6.1.1.7 Identify Their Attitude


Scales
6.1.1.8 1.1.1.4.4
6.1.2.1.1
Structured, Semi-Structured, or 1.1.1.5.1 Identify Their Impact
Technical Primary (Customer)
Unstructured 1.1.1.5
"Rough" Priority
6.1.2.1.2 1.1.2 1.1.1.5.2
Analytical Access Secondary (Consumer)
6.1.2.1 Management
6.1.2.1.3 1.1.3.1 1.1.3.1 1
People & Networking
Skills & Define Personas Map who will use
Competencies 1.1.3.2.1 deliverables
6.1.2 6.1 Role & Function
6.1.2.1.4
Communication People
6.1.2.2
Availability
Resources Do we
have access
1.1.3.2.2
Experience
6.1.2.1.5
Organizational 1.1.3.2.3
Professional Qualifications
1.1.3.2 1.1.3.2.4
Create Profile Cards Cyber Security Focus
1.1.3 1.1.3.2.5
6.1.3.1
Feedback Structuring & Create and Analyse Intelligence Requirements

6.1.3.2.1 Process Tracking Stakeholder Profiles 1.1.3.3 1.1.3.2.6

Survey Tools Map & Track Product Requirements


X.1 6.3.2.1.1 Requirements
SOC 6.1.3.2 1.1.3.2.7

6.1.3.2.2 Intelligence Ingestion


Spreadsheet
Feedback Gathering
6.3.2.1.2
1.1.3.4.1
CSIRT 6.1.3.3 6.1.3 1.1.3.4
Stakeholder Attitude & Impact
Feedback Data Store Technology
6.3.2.1.3 The concerns we
Matrix 1.1.3.4.2

Vulnerability 6.1.3.4 need to address Power & Interest


Management Feedback Analysis
6.1.3.4.1
6.3.2.1.4 6.3.1.1 Statistical SW 6.1.3.5 1.1.4.1.1

Risk When
Intel Program Feedback Results Sharing
X.X Management 1.1.4.1.2

6.3.1 1.1.4.1 How


Feedback 6.3.2.1.5
6.3.1.2
Intel Process Related to
1.1 Planning
Anti-Fraud
Stakeholder
1.1.4.1.3
1.1.4
Communication 6.3.1.3
6.2.1.1
Plan the 1.1.4.2
Who

6.3.2.1.6 Identify Key Stakeholders Engagement Info package 1.1.4.1.4

HR Intel Product & Engagement How often


Service 6.2.1.2 (When? How?)
6.3.2.1.7 1.1.4.3 1.1.4.1.5

Directors & Identify objectives and Suggestions What


Managers requirements How we will engage, for IRs 1.1.4.1.6
6.2.1 who will lead the engagement,
6.3.2.1 when, and to whom, with what
Research Method
6.3.2.1.8
Internal 6.2.1.3 Plan key messages and channels
C-Suite
Select Collection Method(s) 6.2.2
6.3.2.1.9
Board 6.2.1.4 Gather 1.1.5 1.1.5.1
Develop Stakeholder
Generate Schedule Engaging stakeholders Relationship
6.2.3
6.3.2.2.1 6.2.1.5 Evaluate Feedback with
Government What does the
Entities 6.3.2
Communication & Outreach
6.2.4
6.2 Adjustments stakeholder(s) care about
Feedback Analyse Feedback & and Improvements
6.3.2.2.2 1.1.6
Vendors
6.3.2.2
Source Metrics Plan Take note of grievances
External 6.2.5
and requirements
6.3.2.2.3 Generating Metrics
Sector &
Industry
6.3.3.1 6.2.6
Physical 1.1.7
6.3.2.2.4 Resolving Conflicting Develop Criteria 1.1.6.1
Collaborative Meeting Identify Value
Networks Feedback for Effectiveness
6.3.3.2
6.3.2.2.5
Call 6.2.7
Org's Customer
Base
Communicate
6.3.3.3 1.2.2.1.1
Results Technical
Chat
1.2.1.1
6.3.3.4 Maturity 1.2.2.1.2

Email 1.2.1 Analytical


Who the Stakeholders Process & Procedures 1.2.1.2
are and what
6.3.3.5 Mandate 1.2.2.1.3
6.3.3 they Care About People & Networking
Product 6.3
Feedback
6.3.3.6
Type Actively gather 1.2.2.1
Skills &
1.2.2.1.4

Survey Knowledge Management


(Elicit) Competencies
6.3.3.7
Interview
Feedback 1.2.2.1.5
Contextual Domain

6.3.3.8 1.2.2.1.6

Review Process Communication & Organizational

6.3.3.9
1.2.2.2.1
IRM Identify Current Skills Availability
System
How did 1.2.2.2.2
6.3.3.10 we do? Identify Future Skills Needed
API
1.2.2 1.2.2.2 1.2.2.2.3

People Skills Matrix Skill Gap Analysis

6.3.4.1 1.2.2.2.4
Measure of 1.2.2.3 Prioritize Skills Gap
Available
Performance (MoP) 6.3.4 1.2.2.2.5
Measure 1.2 Fill Skill Gaps
6.3.4.2 Type Resource 1.2.3.1
6.4.1 Intelligence Mgmt
Measure of
Useful? 6.4 Refining existing IRs, Management
Effectiveness 1.2.3.3.1
1.2.3.2 Intelligence
(MoE) 6.4.2 Evaluate developing new ones, Tools & Techniques
1.2.3 Supporting Intel process
6.4.3.1 Constructive? Feedback or re-tasking Technology 1.2.3.3.2

Action Knowledge
6.4.3 1.2.3.3
6.3.5.1 Sharing
Yearly 6.4.3.2 Actionable? 1.2.3.3.3

Inaction Insights
1.2.3.4
6.3.5.2 How well Data Storage
6.3.5 did we do? 1.2.3.3.4
Quarterly Cadence 6.6.1.1 TTP's
6.3.5.3
Too Late 1.2.4.1

Per Release 1.2.4 Internal 1.2.3.3.5


6.6.1.2 6.5.1 IOC's
6.6.1
Sources & Access
6.3.5.4
On Time New 1.2.4.2

Ad-Hoc Timeliness 6.5 External


6.6.1.3 6.5.2
1.2.5
Too Early Adjust Immediate Funding 1.2.4.3
Access
6.6.1.4 Tasking
Not at All 6.5.3
1.2.4.5
Stop Bias Identification

6.6.2.1 6.6.2
1.2.4.6
Correct? Accuracy What can
Source Risk
we do better?

6.6.3.1
1.3.1.1
Fit for Purpose Deduplicate
Available
Resources 1.3.1
6.6.3.2 6.6.3 List all topics 1.3.1.2
Tied to IRs Content 6.6 Group 1.3.2.1.1
Secrets
6.6.3.3 Relevance Define 2.1.1.1
Complete? Stakeholder Analysis
Necessary 1.3.2.1
Question Types
1.3.2.1.2
Mysteries

6.6.4.1 6.6.4 Changes 2.1.1.2


1.3.2.1.3
Effective? Format Complexities
Requirements
Management

6.6.5.1
"Cost" to
Stakeholder
6.6.5
Delivery The Mind Map of Intelligence 1.3.2 1.3.2.2
1.3.2.2.1
One Question

1.3.2.2.2
2.1.1
2.1.1.3
Dissemination
2.1.1.4
2.1.2.1.1
Technical

2.1.2.1.2
Analytical
Question Basics Focused Process & Procedures Production

Architecture
6.6.6.1 Generate Questions
Streamline (Requirements) 2.1.1.5 2.1.2.1.3
6.6.6 1.3.2.2.3
Analysis People & Networking
6.6.6.2 1.3.3.1 Single Decision
Update
Workflow & List all Stakeholders
2.1.1.6 2.1.2.1.4
Process Knowledge Management
6.6.6.3
1.3.3 1.3.3.2 Collection
Automate
What can
Improve?
Author: Freddy Murre 1.3
Prioritize all Stakeholders Develop Criteria

1.3.3.3
Prioritize Stakeholders
2.1.1.7
Tracking
2.1.2.1.5
Contextual Domain

6.6.7.1
Intelligence 2.1.1.8 2.1.2.1.6

Possible
6.6.7.2
6.6.7
Decipher
6 Version: 0.7.42 March 2024 Requirements 1.3.4.1
Valuable
Training Communication & Organizational

Impossible Feedback & Management 2.1.2.1 2.1.2.4.1


5.1.1.1
1 (IRM) 1.3.4.2
Skills & Competencies Intelligence Manager & Leader
Metrics
2.1.2.4.2.1

Approaching Stakeholders 6.6.7.3 Specific Collection Requirements


Reasonable Manager (CRM)
Intelligence 2.1.2.2 2.1.2.4.2
5.1.1.2
Dissemination Policy Executive-Level Questions to support Decision: Management 1.3.4.3
Measurable
Skills Matrix Collection Management
2.1.2.4.2.2

5.1.1.3
5.1.1 -How secure are we, really? Management 1.3.4 1.3.4.4
2.1.2.3 2.1.2.4.3
Analysis Manager
Collection Operations
Manager (CRM)

Process & Available


5.1.2.1.1 Templates -What's the appropriate amount of budget to allocate to non-revenue generating functions List all Requirements Actionable 2.1
Technical Procedures like the security team? 6.8.1.3.1 2.1.2
2.1.2.4.4
5.1.1.4 Downtime
6.8.1.1
Revenue Saved or Lost 1.3.4.5 Resources People 2.1.2.4 Dissemination & Metrics
5.1.2.1.2
Feedback Routines -Are our internal security and technology initiatives tangibly reducing risk to the business? 6.8.1.3.2 Relevant Roles & Functions Manager
Analytical 6.7.1
Resources to 6.8.1.2

-Operational-Level Questions to support Decision: Address Breach New Intel from cases Lessons Identified 1.3.4.6 2.1.2.4.5
5.1.2.1.3
Timely 2.1.2.5 Analytic Ombudsman
People & Networking -How many vulnerabilities have been patched? Analytic Ombudsman
6.8.1.3.3 6.8.1.3
5.1.2.1 6.7.2
Customers Lost Mean Cost of Breach
5.1.2.1.4
Skill & Competencies -How many threats have been found? Lessons Learned 6.7 1.3.5 1.3.4.7
Prioritize all Decision(s) supported
Knowledge Management -What sort of attack attempts were blocked by perimeter defences? Implement 2.1.3.1
5.1.2.2 6.8.1.3.4 6.8.1.4 Requirements Ticketing & Tracking system
Reputational Effect Incident Criticality Impacted by CTI 6.7.3
5.1.2.1.5 Available 2.1.3.2.1

Communication
5.1.2 5.1 -Tactical - Technical-Level Questions to support Decision: Update 1.3.6.1
Manual
People Resources 6.8.1.5
"Best Practices" Key Stakeholders
5.1.2.1.6 Mean time to Detect (MTTD) Prioritized 2.1.3.2 2.1.3.2.2
Organizational Intel Requirements Collection Semi-Automatic
6.7.4 1.3.6.2
5.1.3.1 6.8.1.6 Requirements
Sharing System Mean time to Respond (MTTR) Roadmap & 1.3.6 2.1.3.2.3
5.1.3
Prioritization Map Requirements Automatic
1.3.6.3
6.8.1
Technology 6.8.1.7 Sources
5.1.3.2
Decision-Maker Initiated Changes Most Value & Advanced 2.1.3
2.1.3.3.1
Tracking System (Difficult) 1.3.7 1.3.6.4
Technology Spreadsheet 2.x.3.3.1
5.2.1.1.1.1 6.8.1.8 Vendors Centralized
Background Risk Reduced by CTI
Prioritize Intelligence
Accessible
Requirements 2.1.3.3.2
Structured Data Fields
1.3.6.5 TIP
5.2.1.1.1.2 6.8.1.9 Products & Services Reporting Function
Expectations Changes to Threat Models (Liz)
2.1.3.3.3
2.1.3.3
1.4.1 1.3.6.6
Data Store DataBase
5.2.1.1.1.3 6.8.1.10
Analyse Production Quality
Interests Inform New or Existing Risks
Needs 2.1.3.3.4
1.3.6.7 Ticketing & Tracking
5.2.1.1.1.4 6.8.1.11 Cadence
Agenda Impact to Reputation 1.4.2
1.4 Develop, adjust 2.1.3.3.5
1.3.6.8 Wiki
5.2.1.1.1.5
Capability
6.8.1.12
Level of Preparedness
Intelligence or Discontinue Resources
5.2.1.1.1
Stakeholder(S) Production 1.4.3 1.3.6.9
5.2.1.1.1.6 6.8.1.13
Product Portfolio Timeline 2.1.3.4.1
Knowledge Overall Intelligence Program Value Requirements Spreadsheet
1.4.4
6.8.1.14
5.2.1.1.1.7
Non-Sec projects Supported by CTI
Templates & Style Guides 2.1.3.4.2
Clearance Level Link Charting
What we 1.4.5
6.8.1.15 2.1.3.4
5.2.1.1.1.8 Pre-emptive decisions based on
will be producing Reporting Matrix Analysis 2.1.3.4.3
Time Available Forecasting TIP

2.1.3.4.4
Analysis Tool
1.5.1
5.2.1.1.2.1
Strategic
Analytic Framework
1.5 2.1.3.4.5
Production
Risk
5.2.1.1.2.2 6.8.2.1 Intelligence 1.5.2
Analytic Standards
Operational False Positive Ratio
5.2.1.1.2
Stakeholder Levels
5.2.1.1 Analysis 1.5.3
Audience
5.2.1.1.2.3
Tactical
6.8.2.2
# and % of Discovered Critical Risk &
Management Improvements & Maturity 2.1.3.5.1
IOC's
Vulnerabilities Eliminated
Operations 5.2.1.1.2.4 1.5.4
Technical 2.1.3.5.2
6.8.2.3
Role & Responsibilities 2.1.3.5
Dissemination TTP's & Insights
How we will
# & % of Correct & Incorrect Intel Analyse
5.2.1.1.3.1 2.1.3.5.3
High 6.8.2.4 Knowledge & Intelligence
Compliance Level of Addressing
5.2.1.1.3 1.6.1
5.2.1.1.3.2
Vulnerabilities
Stakeholder Priority Coverage
Medium 1.6
6.8.2.5
5.2.1.1.3.3
Low 5.2.1.1.4
Countermeasures Enacted Intelligence 1.6.2
Gaps
Internal & External
6.8.2.6
Collection 1.7.1.1.1
# and % of (un)Successful Phishing Situational Awareness
Attempts over Time (Trends)
Management 1.6.3
1.7.1.1
5.2.1.2.2.1
Facts
6.8 Long-Term Risk Reduce Uncertainty
6.8.2
5.2.1.2.1 6.8.2.7
Possible Value &
Summarize Medium-Term
1.7.1.1.2
Cause & Effect
5.2.1.2.2.2 Meeting Intelligence Requirements New IOCs Detected How and What
Comments
Intermediate (Medium) Feedback & Short-Term we will Collect
1.7.1.2
Decision Support
5.2.1.2
5.2.1.2.2.3
Assumptions
5.2.1.2.2
Meeting Information Needs Intelligence Question or Issue for
6.8.2.8
New Incidents Discovered from TI Generate Metrics Intelligence &
2.2.1.1.1
Identify
5.2.1 Stakeholder(s)
Decision 1.7.1.3

5.2.1.2.2.4 5.2.1.2.3 AIMS 6.8.2.9 Production 1.7.1


Predictive Assessments
Assessments Providing M.O. & TTPs Attributed to 1.7 2.2.1.2.1.1
Who
5.2.1.2.2.5
Value Threat Actors Requirements Expectation
Value Provided
1.7.1.4 1.7.1.4.1
2.2.1.1
Stakeholder(s)
2.2.1.1.2
Access mgmt
Conclusions 1.7.2 Indications & Warnings Reporting Periods 2.2.1.2.1.2

5.2.1.2.2.6
6.8.2.10
Mitigation Effect
Management Success Criteria(s) 2.2.1.1.3
Plan & Do
What
Remaining Uncertainties 1.7.1.5 What resources
Strategy formulation we have available Who the
2.2.1.2.1.3
6.8.2.11 Stakeholder(s) are
What Good Where
Risk Reduction over Time (Trends) 2.2.1.2.1
looks like 5W+H
1.7.1.6
2.2.1.2.1.4
5.2.1.3.2.1 6.8.2.12
Operational Activities
2.2.1.2 Why
Clarity Intelligence Usability Intelligence
2.2.1.2.2
5.2.1.3.1 Who's Asking
Summary in one Sentence 1.8.1 Requirements Analysis
5.2.1.3.2.2
for what 2.2.1.2.1.5

Relevance
5.2.1.3 6.8.2.13
Intelligence Impact 1.8 Resource Flexibility 1.8.2.1 1.9.1
When
Message Measures of Performance
5.2.1.3.2.3 5.2.1.3.2 Feedback & 1.8.2
Stakeholder Engagement 2.2.1.2.3
Decision(s) 2.2.1.2.1.6
Brevity Quality Control 5.2.1.4 6.8.2.14
Standards Management supported How
Storyline & Standards % of Alerts Created from TI Metrics 1.8.2.2
Measures of Effectiveness What the
5.2.1.3.2.4
Security 6.8.2.15
Management 1.8.3 1.9.2
Intelligence Requirements
Stakeholder(s) really
wants to know
% of Incidents initiated based on TI Scales 2.2.1.3.1
Strategic
5.2.1.3.2.5
Management (IRM)
Ease of Assimilation
5.2.2.1 6.9 1.9.3
2.2.1.3.2
Operational
Valuable
6.8.3.1
Present Feedback How and What 1.9.1
Financial Management 2.2.1.3
Level
we will Measure Funding 2.2.1.3.3
5.2.2.2 # and % of Incidents Identified, & Metrics 1.9.4 Tactical
Timely Worked and Solved
1.9.2 Risk Management
6.8.3.2
Priorities 2.2.1.3.4
5.2.2.3
5.2 # and % of Vulnerabilities
1.9.5 The Priority Technical
Relevant Resource Management and Focus we
Dissemination Discovered, Assessed, and Patched
(or not) 1.9
1.9.3
Budgets
should have
5.2.2.4 5.2.2 1.9.6
Accurate Actionable Plan 6.8.3.3 Intelligence 1.9.4 1.9.4.1
Intelligence Programme 2.2.1.4.1
Context
# and % of GW, FW & AV Detections Staffing Plans Skills Matrix Development
5.2.2.5 Program 2.2.1.4
Decision(s) Supported
Consumable & Available 1.9.5
5.3.1.1.2.1 5.3.1.1.1
6.8.3.4
# and % of Intelligence Products, Management Technology Plans
1.9.7
Communications & 2.2.1.4.2
SOC Threat Hunters 5.2.2.6 5.2.3 Pages, write ups, or blogs Created Key Value(s)
Tailored Knowing your audience & stakeholders will help you answer these questions: Feedback Management
5.3.1.1.2 Pull vs Push 1.9.6
5.3.1.1.2.2 Blue Team - Stakeholder(s) Capacity & Capability to Process 6.8.3.5
Roadmap & Development The decision(s) 2.2.1.5.1.1
IRT - How does the audience take in and absorb information? # and % of IOCs Discovered, 1.9.8 we will Support Product Type
5.3.1.1.3 2.2.1.5.1
Red Team - How much time does your primary audience have to digest your product?
Generated, Ingested, Enriched, and 1.10 1.9.7
Scheduling Management Explicit
Escalated 2.2.1.5.1.2

5.3.1.1.4 - Should the output be a short, focused article for a senior decision maker or a longer piece with more detail that will serve a more Maturity Integrations Time
Purple Team operational audience? 6.8.3.6

5.3.1.1 - Is there more than one primary customer & audience?


# of Risk Control Gaps Identified Management 2.2.1.5
Boundaries
OR
2.2.1.5.1.3

Format
5.3.1.1.5
Forensics CSIRT & CDC - Is there a need to develop different products in different formats? 6.8.3.7 2.2.1
2.2.1.5.1.4

Language
- What is the appropriate language and vocabulary? # of Feeds Ingested
6.10 Direction 2.2.1.5.2
Implicit
- Outputs 2.2.1.6
2.2.1.5.1.5

5.3.1.2 - How many and what types of products do you need to plan for? 6.8.3.8 Feedback on Dissemination
Policies, Regulations & Laws

White Team # and % of RFI's Answered, Partially


5.3.1.3.1
- What exactly will be available to your end user?s? Answered, or Not Answered Feedback & ..
2.2.1.5.1.6

Capability limitations
Security Engineers - Do your audience need the raw data?
5.3.1.3
IT Security - Where and how will you store them after they are released? 6.8.3.9 Metrics 2.2.1.7

- Format of key message # and % of Threat Actors Identified, X.X Production Mgmt
prioritized, and Investigated
5.3.1.3.2
Security Architects 5.3.1.4 - What is the likely format of the main message and its storyline? Feedback
Risk Mgmt - How can you adapt your narrative into a format or structure the end users are accustomed to (PowerPoint, briefs, large reports, etc.)? 6.8.3.10 2.2.1.8
- Will the message be clearest through a map, a briefing or a report? # & % of New Intelligence Analysis Mgmt
Requirements Identified, Generated,
5.3.1.5 - Is the customer more likely to use a hard or soft copy of a product? Processed and Answered
Vulnerability Mgmt - Should it be colour or black and white? 2.2.1.9
- Should the product be short or long, in paragraphs or bullets, with few or many visuals? 6.8.3.11 Collection Mgmt
# and % of Views and Downloads of
5.3.1.6 - Is it possible to capture the essence of your message in one or a few graphics? Intelligence Products, when, by who
Anti-Fraud - Should your findings be summarized in an executive summary? and how 6.8.3
2.2.1.10 2.2.1.10.1
- Communicate Uncertainty
6.8.3.12
Least Value & Starter Expectation Mgmt Success Criteria(s)
5.3.1.7
- How will you communicate uncertainty in your graphics and your narrative? # and % of Survey Replies (Easy)
Insider Threat Mgmt 5.3.1 - What is the best way to report and communicate on the limitations of your analysis?
6.8.3.14 2.2.1.11
Internal - Is your audience accustomed to statistical terms or do you need to use more qualitative terms to reflect on confidence and probability # and % of Probe Attempts Detected Metrics Mgmt
5.3.1.8
levels? 2.2.2.1.1

HR - How will you differentiate between facts and assumptions? 6.8.3.15 Stakeholder
- Dissemination strategy # and % of Phishing Attempts Specifications
Identified and Blocked
- How will your end users access your outputs? 2.2.2.1.2.1

Analogue
5.3.1.9.1 5.3.1.9 2.2.2.1.2
Physical Security Corporate Security - How will you share and document data and methods to ensure transparency and the possibility to verify or reproduce result? 6.8.3.16
Product & Service
- Do you need to attach raw data, reference documents and other supporting evidence to your document and presentation? # and % of Malware Identified and 2.2.2.1.2.2

Digital
Blocked by Which Detection
- What are the protective measures you need to implement and communicate in case of sensitive information? 2.2.2.1
5.3.1.11.1 5.3.1.10 Systems Format
CFO - Who needs to receive the final output?
Directors & Managers
5.3.1.11.2
- Who else needs to be aware it exists? 6.8.3.17 2.2.2.1.3.1

Individual(ly) or Groups(s)
# and % of Click Ratio of Phishing 2.2.2.1.3
CRO - Branding What format
Briefing
Attempts the product should
5.3.1.11.3 - How the final product will be branded? be disseminated
2.2.2.1.3.2

Online or In-person
CISO 5.3.1.11 - Will names or logos be included in the end-product? 6.8.3.18
5.3.1.11.4 C-Suite - How do you want the document to be further quoted? # and % of IOCs Identified, 2.2.2.1.4

Collected, Used, and satisfy EEIs


2.2.2.2 Feed
CIO - How will you acknowledge external support from specific organisation or people? Latest Time Information
5.3.1.12
5.3.1.11.5 SOURCE: ACAPS - The Analysis Canvas 6.8.3.19 is Of Value
COO Board Time spent on Incidents,
5.3.1.11.6
Requirements, Collection, etc. When the
5.3.1.13
CEO product should
Shareholders 6.8.3.20 be delivered
2.2.2.3.1
Direct
Number and Frequency of
5.3.2.1.1
Stakeholder engagements 2.2.2
2.2.2.3 2.2.2.3.2
NCSC (Surveys, calls, meetings) Dissemination Dissemination Delivery Liaison
5.3.2.1.2
5.3 6.8.3.21
Law Enforcement
5.3.2.1
Identify & select # and % of threats identified and
processed
2.2.2.3.3
Technological &
5.3.2.1.3
Government Entities Recipients How the
Integration
Intelligence Services 6.8.3.22
Product should
5.3.2.2 # of Sources, identified, used and be Delivered
5.3.2.1.4 Vendors discontinued in a given period
2.2.2.4.1
FSA Sensitivity
6.8.3.23
# and % of Stakeholders Serviced
5.3.2.3 5.3.2 2.2.2.4.2
2.2.2.4
5.3.2.3.1
ISACs Sector & Industry External 6.8.3.24
TLP & Classification Recipients
# and % of Stakeholders Engaging
5.3.2.3.2
5.3.2.4 With and Using provided Intel for 2.2.2.4.3
ISAOs What Classification Tearline
Collaborative Networks Decision Support the product should
be Disseminated with
5.3.2.5
Media
2.2.3.1.1.1
2.2.2.5 Who?
5.4.1.1.1
Time vs Resource vs
Direct 5.4.1.1
Confidence 2.2.3.1.1.2

5.4.1.1.2 Human What?


Indirect 2.2
5.4.1
Requirements Dialogue 2.2.3.1.1
Descriptive
2.2.3.1.1.3
When?
5.4.1.2.1 Delivery Method
Collaborative Platform (External AND Internal) 2.2.3.1.1.4
5.4.1.2.2 5.4.1.2 Where?
Database
Technology
2.2.3.1
5.4.1.2.3 2.2.3.1.1.5
API Analytical Spectrum
How?

2.2.3.1.2 2.2.3.1.2.1
Explanatory Why?
5.4.2.1.1
Analog
5.4.2.1
Product 2.2.3.1.3 2.2.3.1.3.1
Evaluative What Does it Mean?
5.4.2.1.2
Digital
5.4.2.2
Type of
Phone & Video analysis 2.2.3.1.4 2.2.3.1.4.1
Estimative What Happens Next?
5.4.2.3
2.2.x
Messaging Service Product
2.2.3.2.1
Requirements?

5.4.2.5.1
5.4.2.4
Email 5.4 5 Intelligence 2 Exploration

2.2.3.2.2
Personal
5.4.2.5.2
5.4.2.5
Briefing & Presentation 5.4.2
Select Delivery Dissemination Architecture Direction Diagnostic

Group Delivery Format 2.2.3.2 2.2.3.2.3


5.4.2.6 SATs Reframing
Newsletter
2.2.3.2.4
5.4.2.7 Foresight
Website & Page 2.2.3
Analysis 2.2.3.2.5
5.4.2.8
Combination Decision Support
Blog of SATs

5.4.2.9
Social Networks 2.2.3.3.1
Adapt
5.4.2.10
Conferences, forums, events 2.2.3.3 2.2.3.3.2
Tool(s) Build
5.4.2.11
Feed 5.4.3 Type of
2.2.3.3.3
Delivery Variance Tool(s)
Buy
5.4.2.12
Flat Files 2.2.3.4
Skills & Knowledge

2.2.3.5.1
Intel cycle
5.4.4.1
Long-Term & Annually 2.2.3.5 2.2.3.5.2
Intel Model(s) Cyber Kill Chain
5.4.4.2
Combination 2.2.3.5.3
Medium-Term & Quarterly of Intel Model(s) Diamond Model
4.1.1.1.1
5.4.4.3 Analytical Standards,
Short-Term & Monthly & Models & Procedures
4.1.1.1
Weekly & Daily Analysis 2.2.4.1
4.1.1.1.2 Intel Gaps
5.4.4
Identify & Manage Bias
5.4.4.4 Delivery Cadence
On-Demand 4.1.1 Data, information, or
Intelligence needed
4.1.1.2.1 Process & Procedures 2.2.4.2.1
5.4.4.5 Templates Internal
Ad-hoc 2.2.4.2
Sources
4.1.1.2.2 4.1.1.2 2.2.4.2.2
Who's asking
5.4.4.6 Style Guides Production for what, External
Near Real-Time 5.5.1
TLP 4.1.1.2.3
.. by when,
etc
2.2.4 How and Where
Estimative Language to get it
5.5.2 Collection 2.2.4.3.1

NATO Build
4.1.1.2.4
5.5 Sourcing Requirements
5.5.3
Classification & 2.2.4.3
Access
2.2.4.3.2
Develop
FOUO & SBU
Restrictions 4.1.2.1.1 2.2.4.3.3
5.5.4 Technical 2.2.4.4 Buy
Processing
Encryption
4.1.2.1.2
Analytical
5.5.5 2.2.4.5
Time
Tear Line 4.1.2.1.3
People & Networking
2.2.6.1.1
2.2.5
4.1.2.1 Paraphrase
4.1.2.1.4
Skills & IR Analysis
Knowledge Management
5.6.1 Competence Who, What, Where, 2.2.6.1 2.2.6.1.2
IRs & Question(s) 180 Degrees
Automated 4.1.2.1.5 4.1.2
When, Why, How Rephrased
Contextual Domain People
Feedback 2.2.6.1.3

5.6 4.1.2.2
4.1 2.2.6.2 Broaden Focus
4.1.2.1.6
Availability Decision(s) Supported
Communication
5.6.2
Enable Resources 2.2.6.1.4
Hybrid Feedback 2.2.6.3 Redirect Focus
Feedback & 4.1.2.1.7
Organizational
Time
4.3.3.1.1
5.6.3 Metrics Political 2.2.6.4
2.2.6.1.5
Ask "why?"
Product Type
Manual Feedback 4.1.3.1
2.2.6
4.1.3.x.1
4.3.3.1.2 Data Collection & Concepts & Ideas Read-Back 2.2.6.5
Military Processing Tools Organizer Quality
5.7.1.1
Prepare Delivery Platform 4.1.3.x.2 4.1.3.x 2.2.6.6
4.3.3.1.3 Integrated Data Data Management Expectation Management
5.7.1.2 5.7.1 Economic Repository
Adapt Intelligence to Platform System
Pre-Delivery 2.2.7
2.2.6.7
4.3.3.1 4.1.3.x.3
Metrics
4.3.3.1.4 Adjust if needed
5.7.1.3 PMESII Data Visualization Tools 4.1.3.x
Apply Classifications Social Intelligence
5.7.2 2.2.6.8
Management Write-up of the agreed
5.7.1.4 Schedule Delivery 4.3.3.1.5
4.1.3.2.1
System point
Spreadsheet 4.1.3
Supplementary Materials 5.7 Infrastructure Technology
5.7.3 Deliver 4.1.3.2.2
4.1.3.2
Analysis Tools
Link Charting
Send Out 4.3.3.1.6
5.7.5.1
Intelligence Information 4.3.3.2.1
Notifications Adversary 4.1.3.2.3
Confirm Receipt Strategic <--> Technical 4.1.3.3

Analysis Tools Word Processing


5.7.5.2 4.3.3.2.2
5.7.4
Capability 4.3.3.2
Delivery Support Execute Delivery 5.8 4.1.3.4
Diamond Model
5.7.5.3 Integrate 4.3.3.2.3 Grammar &
Collect Initial Feedback Infrastructure Language
5.7.5 4.3.3.3.1 4.3.3.2.4
5.7.5.4 4.1.3.5
Track Delivery Metrics Post-Delivery X.X Reconnaissance Victim Source &
4.2.1.1
Feedback 4.3.3.3.2 Reference
5.7.5.5 Stakeholder(s)
Weaponization Management
Document the Delivery Process 4.2.1
4.3.3.3.3
4.1.3.6.1 4.1.3.6 4.2.1.2 Objectives 4 3 2.3.1
5.7.5.6
Delivery
Visualization Presentation List all Topics
Follow-Ups Intelligence Requirements
Processing, Collection 2.3.3.1
4.3.3.3.4 Secrets
Exploitation 4.3.3.3
4.1.3.7.1
Finished Intelligence 4.2.2.1 Analysis &
Cyber Kill Chain Warn 2.3.2
4.3.3.3.5
Installation
4.1.3.7.2
Knowledge & Insights
4.1.3.7
Collaboration &
4.2.2.2 4.2.2
Production Generate Questions
2.3.3.2
Mysteries
Sharing (Requirements)
4.3.3.3.6 4.1.3.7.3
Inform Goals (PAP) 2.3.3.3
Command & Control Underlying Data & 4.2.2.3
Sourcing
Complexities
Update
4.3.3.3.7
Actions on Objectives
4.2.3.1 3.1.1.1
2.3.4.1
Analysis
Intelligence Report (INTREP) Valuable
2.3.3
4.2.3.2 3.1.1.2 Group Requirements
4.2.3 Models 2.3.4.2
4.3.3.4.1 Intelligence Report
Reconnaissance Type Specific
Summary (INTSUM) 3.1.1.3
3.1.1
4.3.3.4.2 Process & Collection
4.2.3.3 Methods 2.3.4.3
Weaponization Procedures
Supplementary Intelligence 4.2 Measurable
Report (SUPINTREP) 3.1.1.4
4.3.3.4.3
Delivery
Intelligence Collection 2.3
2.3.4
Production Plan Best Practices
Intelligence List all Requirements
2.3.4.4
Actionable
4.3.3.4.4 4.2.4.1

Social Engineering Analytical Framework


4.2.4
3.1.1.5
Collection
Requirements
& Approach Metrics 2.3.4.5
4.3.3.4.5
Analytical Methods Relevant
Exploitation 4.2.4.2 3.1.1.6

Qualitative vs Quantitative Issues in


3.1.2.1.1
4.3.3.4.6 4.2.5 Processing 2.3.4.6
Technical
Persistence Timely
4.2.6.1
Resource Requirements
3.1.2.1.2
4.3.3.4.7 Sources & Methods Analytical
Defence Evasion 2.3.4.7
What Requirement(s)
4.2.6.2 .. we are Supporting
Decision(s) supported
4.3.3.4.8 4.3.3.4 Review & Update 4.2.6 3.1.2.1.3
People & Networking
Command & Control Unified Kill Chain Research Plan 3.1.2.1

4.2.6.3 Skills &


4.3.3.4.9 Timeline & Milestones Competencies 3.1.2.1.4
3.1.2
Knowledge Management
Pivoting 4.2.7 People 3.1.2.2
4.2.6.4 2.4.1.1
Concept Paper Available 3.1.2.1.5
4.3.3.4.10 Communication & Contextual Domain 2.4.1
Known Knowns
Discovery Presentation What we Know
Identify Current we Know
3.1.2.1.6
4.3.3.4.11 4.2.8 Knowledge
3.1 Communication & 2.4.1.2
Privilege Escalation Terms of Reference (TOR) Organizational Known Unknowns
Resources What we know
4.3.3.4.12 we don't know
Execution
4.3.3.4.13 3.1.3.2.1 2.4.2.1

Credential Access 3.1.3.1 Manual Unknown Knowns


Ticketing & x.x.x.x 2.4.2
Tracking system Targeting 2.4 Identify gaps in
What we don't know
4.3.3.4.14 3.1.3.2.2
we know

Lateral Movement 4.3.1.1 4.3.1 Semi-Automatic Gap Analysis Knowledge 2.4.2.2


Intelligence Log Logging & Registration 3.1.3.2 Unknown Unknowns
4.3.3.4.15 Collection 3.1.3.2.3

Collection Automatic
What we don't know
4.3.x 2.4.3 we don't know
4.3.3.4.16
Standardization 3.1.3.2.4
Processing Build Action Plan
Exfiltration
2.5.1.1.1

4.3.3.4.17 Decision Support


3.1.3 2.5.1.1
Impact 4.3.2 3.1.3.3.1
Stakeholder(s)
Technology Spreadsheet 2.5.1.1.2

4.3.3.4.18 Systematization Stakeholder(s) IR(s) &


Objectives IRs - Basic Int Topic(s) of Concern
3.1.3.3.2 2.5.1.2
TIP = Intel gaps
4.3.3.4.1 Prioritize all
4.3.3 Stakeholders
Initial Access 2.5.1 2.5.1.3.1
Categorization 3.1.3.3 3.1.3.3.3 3.1.3.3.4.1 One Question
4.3.3.4.2
Data Store DataBase Sources Organize & Prioritize
Execution 2.5.1.3 2.5.1.3.2
4.3.4 3.1.3.3.4 3.1.3.3.4.2 List of all List all Requirements Focused
Ticketing & Requirements Intelligence
4.3.3.4.3
Sorting & Grouping Tracking Requirements
Persistence 4.3 Which Resources 2.5.1.3.3
to Collect with 3.1.3.3.4.3 2.5.1.4 Single Decision
Prioritize all
4.3.3.4.4
4.3.5 Collation 3.1.3.3.5
Wiki
Reporting 2.5.2
Requirements
Privilege Escalation Prioritized Intelligence
Selection
4.3.3.4.5
4.2.1.1 2.5 Requirements (PIR)
Disorder
Defence Evasion 4.3.6
3.1.3.4.1
Spreadsheet Intelligence Broken down Into

4.3.3.4.6
4.3.3.4 4.3.7.1 Entity Recognition 4.2.1.2
Requirements
Mitre Chronologies & Simple & Obvious 3.1.3.4.2 2.5.3
Credential Access
Timelines 4.3.7 4.2.1.3 4.2.1 3.1.3.4
Link Charting Development Specific Intelligence
4.3.3.4.7
4.3.7.2 Structuring Complicated Cynefin
Collection Analysis
3.1.3.4.3
Requirements (SIR)
Discovery TIP Platform
Pattern Recognition Broken down Into
4.2.1.4
4.3.3.4.8 4.3.8
Complex Systems
Lateral Movement New Intelligence & 3.1.3.4.4
Strategic Analysis Tool 2.5.4
All of the Answers
4.3.3.4.9
Collection Requirements 4.2.1.5
we Need to Find Essential Elements
Chaotic Systems
Collection of Intelligence (EEI)
4.3.9 3.1.3.5.1 3.1.3.5.1.1
4.3.3.4.10 New Technology, Skills & IOC's MISP
Command & Control 4.4.1.1 Source Requirements 3.1.3.5
Collection Sharing 3.1.3.5.2
4.3.3.4.11
Admiralty Scale 4.x.x.1
TTP's & Insights
Exfiltration (NATO) Link Charting
3.1.3.5.3 3.1.3.5.3.1
4.3.3.4.12 4.4.1.2 4.4.1 4.x.x.2 4.x.x Knowledge & Intelligence Wiki
4.5.3.4.2.1.1 Impact 3x5x2 (UK) Source & Info Evaluation Network Analysis Link & Network Analysis
Sorting 3.2.1 2.6.1
4.5.3.4.2.1.2.1

Paired Comparison 4.4.1.3


4.4.2 4.4 4.x.x.3 Collection Type of Product &
4.5.3.4.2.1.2 4x4 (EUROPOL) Social Network Service
Ranking, Scoring & Levels of Confidence Requirements
4.5.3.4.2.1.2.2

Ranked Voting
Prioritizing
Evaluation Analysis (SNA) 2.6
Management 2.6.2
4.5.3.4.2.1.2.3

Weighted Rankings 4.5.3.4.2.1.3


4.5.3.4.2.1 4.5.2.1.1.1
4.4.3 Product(s) & Service(s) Timeline
Getting Organized Induction 3.2.2
Matrices 4.5.2.1.1.4.1 Initial Deception Detection 3.2.3.1 Management
Observation
3.2 Collection Tracking, Updating 2.6.3
4.5.3.4.2.1.4 4.5.2.1.1.2
Flow Diagrams Deduction Operations & Re-Tasking Work Order
4.5.2.1.1.4.2 4.5.2.1.1 Collection Management
Hypothesis Reasoning What we will

Process Maps &


4.5.3.4.2.1.5 4.5.2.1.1.3
Abduction
Management 3.2.3.2 produce by when, etc
4.5.2.1.1.4.3
3.2.3 Dependencies
Gantt Charts
4.5.3.4.2.2.1
Simple Brainstorming
Prediction
4.5.2.1.1.4
4.5.1.1
Collection
Descriptive 3.2.3.3

4.5.2.1.1.4.4
Scientific Method Manager Objectivity 2.7
4.5.3.4.2.2.2 Experiment 4.5.1.2
Cluster Brainstorming Explanatory 4.5.1 3.2.3.4 Analysis Management
4.5.2.1.1.4.5 Analytical Spectrum Future Needs
4.5.3.4.2.2.3 Analysis 4.5.1.3
Nominal Group Evaluative
Techniques What type of
4.5.2.1.1.4.6 2.8.1
Conclusion 4.5.1.4 analysis we will use
4.5.3.4.2.2.4 4.5.3.4.2.2
Estimative Integrated
CircleBoarding Exploration SAT Requirements
3.3.1 3.3.3.1

4.5.3.4.2.2.5 Background & Clarity 2.8.2


Starbursting 4.5.2.1.2.1.1
Justification 2.8 Mixed Source Base
Search & Filter 3.3.3.2

4.5.3.4.2.2.6 Coordination Collection Management 2.8.3


Mind Maps & 4.5.2.1.2.1.2
3.3.2
Concept Maps Read & Extract 4.5.2.1.2.1 4.5.2.1 3.3.3.3 Overlapping Source
Bottom-Up Traditional Analysis Basic Intelligence Efficiency Coverage
3.3.6.2.1.1
4.5.3.4.2.2.7 4.5.2.1.2.1.3 & Knowledge Gaps Internal & External 3.3.6.2.1.2.1

Tangible
Venn Analysis Schematize 3.3.3.4 2.8.4
4.5.2.2 3.3.6.2.1.2
Confirmation Primary & Secondary 3.3.6.2.1.2.2 Sequential or
Available Knowledge 3.3.3 3.3.6.2.1
Testimonial
4.5.3.4.2.2.8 4.5.2.1.2.1.4
4.5.2 4.5 Collect From Sub-Sourcing
Network Analysis Build Case 4.5.2.1.2 Collection 3.3.3.5
SenseMaking System 1 Thinking Analysis Deadlines
3.3.6.2.1.3 3.3.6.2.1.2.3

4.5.2.3 Management Paid & Free Circumstantial


3.3 Where and how
Past Experience we will find
4.5.2.1.2.2.1 (ICP) Intelligence 3.3.4.1 3.3.6.2.2.1 Answers
4.5.3.4.2.3.1 Re-Evaluate 3.3.4 Selecting Sensors Develop
Key Assumptions Check (KAC) 4.5.2.4 Collection Plan Collection Methods and Sources
4.5.2.1.2.2.2
Mental Mindsets 3.3.6.2.2 3.3.6.2.2.2
4.5.3.4.2.3.2 Search for Support Access Buy 2.9
Chronologies & timelines 3.3.5 3.3.6.1

4.5.2.1.2.2.3 4.5.2.1.2.2 4.5.2.6.1


4.5.2.5
Processing & PIRs, SIRs, EEIs 3.3.6.2.2.3
Tracking of IRs, ICPs,
Cognitive Bias
4.5.3.4.2.3.4.1
4.5.3.4.2.3.3
Cross-Impact Matrix
Search for Evidence Top-Down Automatic
Reporting 3.3.6.2
3.3.6.2.3
Collection Bias
Build Intel Prod Plans, 2.11.1
Simple Hypothesis
4.5.2.1.2.2.4 4.5.2.6.2 4.5.2.6
Sources 3.3.6.2.2.4
Ensure Redundancy Disseminations, etc. Tracking & Managing
4.5.3.4.2.3.4.2 4.5.3.4.2.3.4 Search for Relations Fast Analyst Intuition
Quadrant Hypothesis Multiple Hypothesis Generation 3.3.6.3 2.10 the Process
Generation
4.5.2.1.2.2.5 4.5.2.6.3
Technique & 3.3.6.4.1 Feedback &
4.5.3.4.2.3.4.3 4.5.3.4.2.3.5 4.5.3.4.2.3 Search for Information Subconscious Technology Accountable 2.11.2
Multiple Hypotheses
Generator
Diagnostic Reasoning Diagnostic SAT How & What 3.3.6 Improvements Intelligence
to Collect Activity Plan & 3.3.6.4 3.3.6.4.2
4.5.3.4.2.3.6 4.5.2.7.1
Resources Consulted Requirements (IRs)
Analysis of Competing Hypotheses Creative Thinking Work order
(ACH) 4.5.2.7
3.3.6.5 3.3.6.4.3 2.11.3
4.5.2.7.2
Innovation Informed
4.5.3.4.2.3.8.1
4.5.3.4.2.3.7 Lateral Thinking
3.3.7 Product & Intelligence Collection
MOM
Inconsistencies Finder 4.5.3.4.1.1 Collection Matrix Service(s)
Key Stakeholder(s) & 3.3.6.4.4 Plan (ICP)
4.5.3.4.2.3.8.2
Supporting 2.11
POP 4.5.3.4.2.3.8 Intelligence Requirement(s) 3.3.6.6 3.5.1.1.1

4.5.3.4.2.3.8.3
Deception Detection 3.3.8 Stakeholder(s)
(sometimes) Case & Incident Handling Intelligence Plan 2.11.4
4.5.3.4.1.2
MOSES
Finding and Assessing Evidence 4.5.3.4.1 Legality Intelligence Production
4.5.3.4.2.3.9 3.3.6.7 3.5.1.1.2
Mirror Imaging Bias 4.5.3.4.2.3.8.4

EVE
Argument Mapping Critical Thinking & 4.5.3.1 Influencing Factors Red Teaming Plan
4.5.3.4.1.3 Expert Judgement Slow 3.5.1.1
How we will Manage &
Building an Argument Direct the Process
Confirmation Bias 3.3.6.8 Internal Investigations 3.5.1.1.3
4.5.3.2 Timeliness Purple Teaming 2.11.5
4.5.3.4.2.4.1
4.5.3.4.1.4
Deliberate 3.4 3.5.1.2 Dissemination
Vividness Bias Communicating your 4.5.3
Outside-in Thinking Security Solutions
Message Effectively 4.5.3.3 System 2 Thinking Research 3.5.1.1.4
Threat Hunting
Evidence 4.5.3.4.2.4.2
Conscious 3.5.1.3
X.X
Acceptance
Bias
Structured Analogies
4.5.3.4
Logs Feedback 2.11.6

Analytic
Feedback & Metrics
4.5.3.4.2.4.3 3.5.1.4
Hindsight Bias Red Hat Analysis 4.6 3.5.X Apps & Programs
4.5.3.5 3.5.1.1
Logical Integration / Source Internal
4.5.3.4.2.4.4 3.5.1.5
Quadrant Crunching Synthesis Identification Users
4.5.3.4.2

4.5.3.4.2.4.5
Six Structured Analytical 3.5.1.6
Premortem Analysis Techniques (SAT) 4.7.1 Internal Functions &
Families Gap Analysis 3.5.1
Activities
3.5.2.2.1
4.5.3.4.2.4.6 Sharing Groups
Structured Self-Critique 4.5.3.4.2.4
4.7 Source Type
Reframing SAT 4.7.2 3.5.1.2.1

Anchoring Effect 4.5.3.4.2.4.7

"So What?" Interpretation Vendors 3.5.2.2.2
Chat Rooms
"What If?" Analysis
3.5.1.2.2
Desire for Coherence and 4.7.3 Cooperative Networks 3.5.2.2.3 Pivoting and
Uncertainty Reduction Industry Contacts
4.5.3.4.2.4.8
High Impact &
"Now What?" 3.5.1.2 New Collection
External 3.5.1.2.3 Requirements
Mental Shotgun Low Probability Analysis
Government Entities 3.5.2.2.4
Trusted Non-public
4.5.3.4.2.4.9 4.8.x.1 3.5.x Relationships
Associative Memory 4.5.3.4.2.4.10.1

Mutual Understanding Delphi Method 4.5.3.4.3.1 4.5.3.4.3 3.5.1.2.4

Computer-Based tools using Quasi-Quantitative Source Access OSINT


4.5.3.4.2.4.10.2
4.5.3.4.2.4.10 expert-generated data Analysis 4.8.x.2 4.8.x
Premature Closure Joint Escalation
Adversarial Collaboration Draft 3.5.3.1
4.5.3.4.2.4.10.3
Production Reporting Entity 3.5.3.2.1
Groupthink The Nosenko Approach
4.8.x.3 knowledge of the topic
4.5.3.4.4.1
Data-Based Computer Tools
Edit 3.5.3.2
Groupthink 3.5.3.2.2
4.5.3.4.4 Reporting Author Proximity
4.5.3.4.2.5.1
Empirical Analysis
Key Drivers Generation 4.5.3.4.4.2 4.8.1.1
3.5
Availability Heuristic Visualization Techniques 3.5.3.3.1
Stakeholder Needs Methodology
4.5.3.4.2.5.2 Sources 3.5.3 Described?
Satisficing Key Uncertainties Finder 4.8.1.2 4.8.1 Source Reliability
Intelligence Requirements Aligned 3.5.3.3.2
4.5.3.4.2.5.3 Methodology Robust?
Reversing Assumptions 4.8.1.3 3.5.3.3
Key Value 3.5.4 Methodology 3.5.3.3.3
4.5.3.4.2.5.4 Source Relevance Reporting Selective?
Simple Scenarios
4.5.3.4.2.5
Foresight SAT 4.8.2.1 3.5.3.3.4
4.5.3.4.2.5.5
Strategic Consistency
Cone of Plausibility 3.5.5
4.8.2.2 Source Risk 3.5.3.4.1
4.5.3.4.2.5.6
Alternative Futures Analysis Operational 4.8.2 To inform
3.5.6 3.5.3.4
4.8.2.3 Detail Level Agendas or 3.5.3.4.2
4.5.3.4.2.5.7 4.8.3.1.1
Tactical Bias Identification Media & Marketing
Multiple Scenarios Generation Report Where to Purpose Effort
Collect From
4.8.2.4 3.5.7
4.5.3.4.2.5.8 4.8.3.1.2 3.5.3.4.3
Morphological Analysis Presentation Technical Source (Geo)Political
Prioritization
4.5.3.4.2.5.9 4.8.3.1.3 4.8
Counterfactual Reasoning Email
Production 3.5.3.5.1
Admiralty Scale (NATO)
4.5.3.4.2.5.10 4.8.3.1.4 4.8.3.1
Analysis by Contrasting Narratives Blog Post 3.5.3.5 3.5.3.5.2
Type 3x5x2 (UK)
Source Evaluation
4.5.3.4.2.5.11 4.8.3.1.5
Indicators Generation, Validation & Article 3.5.3.5.3

Evaluation 4x4 (EUROPOL)


3.5.3.6
4.8.3.1.6
x.x.x.x Conversation Source Confidence
Team A-B Analysis

x.x.x.x
Devil's Advocacy 4.5.3.4.2.6.1 4.8.3.2.1 3.6.1
Opportunities Incubator Stakeholder's Terms Raw Data
4.8.3.2.2.1

x.x.x.x
Cyber Kill Chain
Multiple 4.5.3.4.2.6.2 3.6 3.6.2
Impact Matrix 4.8.3.2.2.2 4.8.3.2.2
Scenario
Generation
Diamond Model
Models, Graphs & Graphics Collecting! Exploited
4.8.3.2.2.3
4.5.3.4.2.6.3 3.6.3
MITRE ATT&CK
Bowtie Matrix 4.8.3.2 Intelligence
Format & Template 3.7.1.1.1
4.5.3.4.2.6.4 4.8.3.2.3.1
Reliability of Information
Narrative-Flow
SWOT Analysis
4.8.3
4.8.3.2.3.2
4.8.3.2.3 3.7.1.1 3.7.1.1.2
4.5.3.4.2.6.5 4.5.3.4.2.6 Tied to Value
Telling a Story Product Validity & Accuracy of Relevancy of Information
Critical Path Analysis Decision Support SAT Information
4.8.3.2.3.3

4.8.3.3.3.1.1 4.8.3.3.3.1 Call to Action 3.7.1 3.7.1.1.3


4.5.3.4.2.6.6 Source & Info Evaluation Reported Information 4.8.3.2.4 4.8.3.x Screening, Source & 3.7.1.2 Accuracy of Information
Decision Trees Compelling Writing Writing Reliability of Source
Information Validity
4.8.3.3.3.2
4.5.3.4.2.6.7 Comments 3.7.1.3
Decision Matrix Date & time
4.8.3.3.3.3
4.5.3.4.2.6.8 Assessment 4.8.4
Force Field Analysis 4.8.3.3.1 3.7.2.1
BLUF & Executive Service Technology Based
4.8.3.3.3.4
Summary
4.5.3.4.2.6.9 Assumptions
Pros-Cons-Faults-and-Fixes 3.7 3.7.2 3.7.2.2
4.8.3.3.2 Hybrid
4.8.3.3.3.5 Introduction 4.9 Processing Normalize
Source Summary
4.5.3.4.2.6.10
Complexity Manager Statement
Review, Quality 3.7.3 3.7.2.3
4.8.3.3.3.6.1 4.8.3.3.3
Enrich Human Based
Objectives and Intent
4.8.3.3.3.6
Discussion & Analysis Assurance &
4.8.3.3.3.6.2
Key Takeaways
4.8.3.3.4
Quality Control 3.7.4
Structure &
Capabilities Conclusion
4.8.3.3 Deduplicate
4.8.3.3.5.1
Threat Level
Structure
4.8.3.3.3.7.1 3.7.5
Risk Analysis Entity Recognition
4.8.3.3.5.2 4.8.3.3.5 4.10.1
Assessment & Legend & Methodology TLP
4.8.3.3.3.7.2
Estimation Language 3.7.6
Recommendations 4.8.3.3.3.7
Combine & Link
Business Impact 4.8.3.3.6 4.10.2 3.8
4.8.3.3.5.3 Attachments NATO
4.8.3.3.3.7.3
Broad Threat Context 4.8.3.3.3.8
Confidence
4.10 Send to Analysis 3.7.7
Scope Note 4.8.3.3.7 4.10.3 New & remaining Gaps
4.8.3.3.3.7.4
References 4.8.3.4 FOUO & SBU Dissemination
Length
How to counteract
4.10.4
Caveat
4.8.3.5.1.1 4.8.3.5.1
Terminology Clear
Tear-Line 3.9
4.10.5 Feedback
4.8.3.5.2.1
NDA
Focus
4.8.3.5.2
Concise
4.8.3.5.2.2
Assessments &
4.8.3.5.3
4.11
Estimative Language
Correct
4.8.3.5 Release for
Language
4.8.3.5.4
Customized
Dissemination
4.8.3.5.5
Complete
4.8.3.6
4.8.3.5.6
Coherent Enable Feedback & X.X
Metrics Feedback
4.8.3.5.7
Conversational
