A solidly crafted story contains many dependencies, and backstopping is not trivial. There is a deception maxim we need to understand. It goes as follows: Deception planners must assess the possible effects if the adversary responded differently than expected, as well as the risks of the adversary’s not responding favorably. To say again: Deception planners must assess the possible effects if the adversary responded differently than expected, as well as the risks of the adversary’s not responding favorably. Deception planning addresses a key strategic consideration in cyber deception, an area of cyber security that involves the use of misdirection and misinformation to confuse, mislead, or delay potential cyber attackers. Cyber deception planners strategize and execute operations intended to deceive an adversary, usually a potential or active cyber attacker. The objective is often to misdirect their actions, waste their resources, or gain time to further enhance defensive measures.
Learning Objectives
However, this maxim emphasizes the need for these planners to consider the different potential responses from the adversary, rather than just the ideal or expected outcome. "Cyber deception planners need to evaluate the potential consequences of all the different ways the adversary might respond, not just the ones they expect. They must also consider the risks involved if the adversary doesn't respond in a way that benefits their organization." Students learn the evaluation process that help planners to prepare for all scenarios and better protect their organization from cyber threats. It also encourages continual learning and adaptation, as they can use the adversary's responses to refine and improve their cyber deception strategies.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.