Course ID: | MIST 5775/7775. 3 hours. |
Course Title: | Cyber Threat Intelligence |
Course Description: | Cyber threat intelligence (CTI) aims to provide valuable intelligence to help organizations be aware of and protect against cyber-attacks. This course provides students with a hands-on introduction to the fundamental concepts and tools of cyber threat intelligence. |
Oasis Title: | Cyber Threat Intelligence |
Undergraduate Pre or Corequisite: | MIST 4600 or MIST 4600E |
Graduate Pre or Corequisite: | MIST 7600 |
Semester Course Offered: | Offered fall and spring semester every year. |
Grading System: | A-F (Traditional) |
Course Objectives: | Students will become familiar with the cyber threat intelligence lifecycle; identifying, collecting, and integrating intelligence feeds; common intelligence formats; and standard cyber threat intelligence technologies such as Collective Intelligence Frameworks (CIFs), Trusted Automated eXchange of Intelligence Information (TAXII), and Security Information and Event Management (SIEM). In addition to these traditional topics, this course will deliver cutting-edge cyber threat intelligence education by placing a heavy emphasis on the application and development of state-of-the-art Big Data, visualization, web mining, and machine learning techniques and technologies to bolster common cyber threat intelligence data sources and threat analytics. Students will gain significant experience in developing useful, actionable, and comprehensive cyber threat intelligence by creating a novel cyber threat intelligence platform that applies the aforementioned analytics techniques to traditional intelligence feed data and hacker community data sets (e.g., DarkNet marketplaces, hacker forums, IRC channels).
Upon the successful completion of this course, students will be able to recognize, describe, identify, discuss, explain, and implement cyber threat intelligence concepts and mechanisms from both technical and managerial perspectives within organizations. |
Topical Outline: | Topic 1: Cyber Threat Intelligence Introduction and Intelligence Strategy
• Fundamental cyber threat intelligence concepts and vocabulary
• Intelligence lifecycles
• Threat trending
• Critical asset identification
• Indicators of compromise (IoCs)
• Modeling threat scenarios for an organization (diamond modeling)
• Intelligence buy-in
Topic 2: Intelligence Collection, Aggregation, and Capabilities
• Identifying intelligence sources and feeds
• Collecting and aggregating open source intelligence using web mining techniques
• Collecting and aggregating internal intelligence
• Intelligence formats (e.g., STIX, TAXII, CybOX, MAEC, CAPEC)
• Setting up Collective Intelligence Framework (CIF) and Trusted Automated eXchange of Intelligence Information (TAXII) servers
• Security information and event management (SIEM)
• Big Data technologies (Hadoop and Spark) for CTI data aggregation and processing
Topic 3: Threat Analytics and Reporting
• Lockheed Martin cyber kill chain
• Internal and external hacker profiling and tracking
• Fundamental CTI analytics: summary statistics, event correlation, reputation, malware analysis, anomaly detection, forensics
• Threat analytics utilizing machine learning and text mining approaches
• Network science applications for cyber threat intelligence
• Threat data visualizations and dashboards
Topic 4: Operational Intelligence
• Actionable intelligence
• Courses of action
• Proactive defense
• Threat dissemination and intelligence sharing
• Intelligence strategy, process, and systems review |