A report may be one of the following:
- A Security Report on a target.
- An Intelligence Report summarizing intelligence on a threat to a specific target or set of targets.
- An Incident Report on an attack that has taken place.
- An Intelligence Report on a target for offensive action.
All reports will be based on a general template, customized according to the report type.
- Attack Method Delivery Vector: How the attack was facilitated.
- Background: This portion will describe the strategic circumstances of the report.
- Cyber Intelligence Report Cover: Transmits the report.
- Discovery Process: Details of the discovery process are addressed.
- Hybrid indications: Hybrid indications are defined.
- Incident Report: Category and Features of Intelligence Assessment.
- Intelligence Assessment: Assessment of the Intelligence.
- Key Observations: (This part will be filled after the entire report is completed)
- Modus Operandi: Determines the method of operation.
- Outlook and Implications: Summary of the event/intelligence and forecast regarding potential second order and third order consequences, spillover effects etc.
- Recommendations: This portion will list a set of technical and operational recommendations to counter the threat.
- Report Type: This part will identify the report as an incident report, an analysis of the security status of a target, or an intelligence report on potential threats to a target or to a number of targets.
- Scope of the Attack: The size, scope and complexity of the attack are described.
- Sources of Intelligence: This portion details how the intelligence on the threat was derived and the confidence of the information.
- Strategic Analysis: Strategic Analysis of the Threat Entity.
- Target: Description of the target/s that the report deals with.
- Target Analysis: Analysis of the targets based on a CARVER matrix.
- Type of Event: Describes the event being investigated.
Cyber Intelligence Report
Cyber Intelligence Reports provide strategic intelligence that highlights current security activity. The reports address seven major risk management categories: vulnerability, physical, legal, trust, identity, human, and geopolitical.
This template accelerates the ability to collect, analyze, and report on cyber intelligence threats, taking a proactive, pragmatic and collaborative approach to cyber threat collection and analysis.
Shmuel Bar is Director of Studies at the Institute of Policy and Strategy in Herzliya, Israel and on the steering team of the annual "Herzliya Conference". Bar served for thirty years in the Israeli government, first in the IDF Intelligence and then in the Israeli Office of the Prime Minister. During this period, he specialized in Islamic fundamentalism and the Jihadi movement and served in diplomatic postings. Since 2002, he has headed research projects—some of them for U.S. government agencies—and published extensively on issues relating to the Middle East, including radical Islamic ideology, Iranian defense doctrine, leadership and negotiation behavior, Syrian leadership and the Baath party, Jordan, and the Palestinians. He holds a Ph.D. in History of the Middle East from Tel-Aviv University.