Course content

This course will not be your traditional classroom course. The teaching will be centered on three workshops. The course is a part of the experience based master and will therefore aim to build on your professional background and experience. We expect you to contribute with your own experiences and to apply the theory to your own professional practice. The assignment will focus on applying cyber intelligence to a case, preferable based on your organization and/or experience.

The intelligence lifecycle (general methodology) - Planning, building a collection plan - Collection - Processing - Produce - Disseminate -Cyber Intelligence (specific methodology) -Closed-, Open- and Multi-Source Intelligence -Threat actor attribution and analysis -The diamond model -Cyber Defense Kill-Chain -Threat hunting -Information sharing (Tactics, Techniques and Procedures) -Cyber Situation Awareness (Cyber intelligence products)

Learning outcome

Knowledge:

• The candidate possesses knowledge of the intelligence lifecycle
• The candidate possesses thorough knowledge of cyber intelligence
• The candidate possesses through knowledge the following steps: planning, collecting, processing, production and dissemination, related to cyber Intelligence
• The candidate possesses thorough knowledge on how to build Cyber Situation Awareness
• The candidate possesses knowledge on threat actor analysis
• The candidate possesses thorough knowledge of attribution and campaign analysis, related to the cyber domain

Skills:

• The candidate is capable of applying the intelligence lifecycle in the cyber domain
• The candidate is able to understand the importance of and the role of cyber intelligence in the defense of critical cyber resources
• The candidate is capable of applying each step (planning, collecting, processing, production, and dissemination) related to cyber intelligence
• The candidate is able to create and communicate cyber situation awareness
• The candidate is able to acquire and apply knowledge about threat actors related to his/her organization
• The candidate is able to apply attribution and campaign analysis related to the cyber domain

General competence:

• The candidate is capable of analyzing relevant professional and research problems in cyber intelligence
• The candidate is capable of applying their knowledge and skills in new fields, in order to accomplish advanced task and projects in cyber intelligence
• The candidate is capable of working independently as a cyber intelligence analyst and is familiar with terminology
• The candidate is capable of discussing professional problems, analysis and conclusions in the field of cyber intelligence, both with professionals and with general audience
• The candidate has the learning skills to continue acquiring new knowledge and skills in a largely self-directed manner
• The candidate is capable of contributing to innovation and innovation processes

Learning methods and activities

Seminars / workshops - Exercise/Case - Assignments /Project work

The course will have 3 mandatory workshops, The first two workshops lasts one day, the last workshop last two days. The workshops will not be streamed or recorded, physical attendance is required on all three workshops.

• If less than 5 students, the teaching Methods and activities might be adjusted.
• Number of students might be limited (max 10)

Further on evaluation

Re-sit only possible the next time the course is running. About the assessment: Assignments (counts 6/10) and 3 hours home exam (counts 4/10).

Retake can be carried out for some partial assessments without all partial assessments having to be taken up again.

Specific conditions

Recommended previous knowledge

It is recommended to take IIKG6500 Cyber Tactics first

Required previous knowledge

Bachelor degree and 2 year relevant job experience

IMT4213 or IIKG6500 Cyber Tactics need to be passed

Course materials

Books/standards, conference/journal papers and web resources, to be announces at startup

Credit reductions