All-Source Analysis
Responsible for analyzing data and information from one or multiple sources to conduct preparation of the operational environment, respond to requests for information, and submit intelligence collection and production requirements in support of intelligence planning and operations.
- T0167: Perform file signature analysis
- T0172: Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView)
- T0569: Answer requests for information
- T0685: Evaluate threat decision-making processes
- T0686: Identify threat vulnerabilities
- T0698: Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers
- T0707: Generate requests for information
- T0718: Identify intelligence gaps and shortfalls
- T0751: Monitor open source websites for hostile content directed towards organizational or partner interests
- T0845: Identify cyber threat tactics and methodologies
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1022: Review enterprise information technology (IT) goals and objectives
- T1030: Estimate the impact of collateral damage
- T1035: Determine how threat activity groups employ encryption to support their operations
- T1042: Acquire target identifiers
- T1046: Assess operation performance
- T1047: Assess operation impact
- T1054: Scope analysis reports to various audiences in a way that accounts for data sharing classification restrictions
- T1055: Determine if priority information requirements are satisfied
- T1084: Identify anomalous network activity
- T1085: Identify potential threats to network resources
- T1118: Identify vulnerabilities
- T1119: Recommend vulnerability remediation strategies
- T1489: Correlate incident data
- T1638: Recommend cyber operation targets
- T1640: Determine effectiveness of intelligence collection operations
- T1641: Recommend adjustments to intelligence collection strategies
- T1642: Advise stakeholders on course of action development
- T1643: Develop common operational pictures
- T1644: Develop cyber operations indicators
- T1645: Coordinate all-source collection activities
- T1646: Validate all-source collection requirements and plans
- T1647: Develop priority information requirements
- T1651: Prepare threat and target briefings
- T1652: Prepare threat and target situational updates
- T1661: Assess all-source data for intelligence or vulnerability value
- T1686: Identify intelligence requirements
- T1739: Develop intelligence collection requirements
- T1741: Designate priority information requirements
- T1762: Modify collection requirements
- T1763: Determine effectiveness of collection requirements
- T1765: Monitor changes to designated cyber operations warning problem sets
- T1766: Prepare change reports for designated cyber operations warning problem sets
- T1767: Monitor threat activities
- T1768: Prepare threat activity reports
- T1770: Report on adversarial activities that fulfill priority information requirements
- T1772: Identify indications and warnings of target communication changes or processing failures
- T1775: Prepare cyber operations intelligence reports
- T1776: Prepare indications and warnings intelligence reports
- T1792: Assess effectiveness of intelligence production
- T1793: Assess effectiveness of intelligence reporting
- T1795: Conduct post-action effectiveness assessments
- T1798: Provide intelligence analysis and support
- T1799: Notify appropriate personnel of imminent hostile intentions or activities
- T1804: Prepare network intrusion reports
- T1835: Determine if intelligence requirements and collection plans are accurate and up-to-date
- K0018: Knowledge of encryption algorithms
- K0480: Knowledge of malware
- K0551: Knowledge of targeting cycles
- K0655: Knowledge of intelligence fusion
- K0658: Knowledge of cognitive biases
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0689: Knowledge of network infrastructure principles and practices
- K0690: Knowledge of requirements analysis principles and practices
- K0697: Knowledge of encryption algorithm capabilities and applications
- K0718: Knowledge of network communications principles and practices
- K0719: Knowledge of human-computer interaction (HCI) principles and practices
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0766: Knowledge of data asset management principles and practices
- K0773: Knowledge of telecommunications principles and practices
- K0786: Knowledge of physical computer components
- K0787: Knowledge of computer peripherals
- K0788: Knowledge of adversarial tactics principles and practices
- K0789: Knowledge of adversarial tactics tools and techniques
- K0790: Knowledge of adversarial tactics policies and procedures
- K0792: Knowledge of network configurations
- K0806: Knowledge of machine virtualization tools and techniques
- K0812: Knowledge of digital communication systems and software
- K0818: Knowledge of new and emerging cybersecurity risks
- K0825: Knowledge of threat vector characteristics
- K0831: Knowledge of network attack vectors
- K0844: Knowledge of cyber attack stages
- K0845: Knowledge of cyber intrusion activity phases
- K0857: Knowledge of malware analysis tools and techniques
- K0858: Knowledge of virtual machine detection tools and techniques
- K0865: Knowledge of data classification standards and best practices
- K0866: Knowledge of data classification tools and techniques
- K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
- K0892: Knowledge of cyber defense laws and regulations
- K0915: Knowledge of network architecture principles and practices
- K0916: Knowledge of malware analysis principles and practices
- K0925: Knowledge of wireless communication tools and techniques
- K0926: Knowledge of signal jamming tools and techniques
- K0934: Knowledge of data classification policies and procedures
- K0960: Knowledge of content management system (CMS) capabilities and applications
- K0968: Knowledge of analytic standards and frameworks
- Skill in assigning analytical confidence ratings
- K0969: Knowledge of cyber-attack tools and techniques
- K0983: Knowledge of computer networking principles and practices
- K0984: Knowledge of web security principles and practices
- K0986: Knowledge of target selection criticality factors
- K0987: Knowledge of target selection vulnerability factors
- K0989: Knowledge of intelligence information repositories
- K0990: Knowledge of cyber operations principles and practices
- K0994: Knowledge of denial and deception tools and techniques
- K1002: Knowledge of supervisory control and data acquisition (SCADA) systems and software
- K1005: Knowledge of intelligence collection capabilities and applications
- K1007: Knowledge of intelligence requirements tasking systems and software
- K1008: Knowledge of intelligence support activities
- K1009: Knowledge of threat intelligence principles and practices
- K1010: Knowledge of intelligence policies and procedures
- K1011: Knowledge of network addressing principles and practices
- K1014: Knowledge of network security principles and practices
- K1023: Knowledge of network exploitation tools and techniques
- K1025: Knowledge of decision-making policies and procedures
- K1028: Knowledge of target development principles and practices
- K1035: Knowledge of target research tools and techniques
- K1042: Knowledge of target selection policies and procedures
- K1049: Knowledge of routing protocols
- K1058: Knowledge of intelligence processes
- K1059: Knowledge of request for information processes
- K1063: Knowledge of operation assessment processes
- K1066: Knowledge of threat behaviors
- K1067: Knowledge of target behaviors
- K1068: Knowledge of threat systems and software
- K1069: Knowledge of virtual machine tools and technologies
- K1100: Knowledge of analytical tools and techniques
- K1101: Knowledge of analytics
- K1109: Knowledge of virtual collaborative workspace tools and techniques
- K1113: Knowledge of blue force tracking
- K1196: Knowledge of priority intelligence collection requirements
- K1197: Knowledge of priority intelligence requirements
- S0111: Skill in interfacing with customers
- S0194: Skill in conducting non-attributable research
- S0385: Skill in communicating complex concepts
- S0430: Skill in collaborating with others
- S0433: Skill in creating analytics
- S0434: Skill in extrapolating from incomplete data sets
- S0435: Skill in analyzing large data sets
- S0436: Skill in creating target intelligence products
- S0438: Skill in functioning effectively in a dynamic, fast-paced environment
- S0443: Skill in mitigating cognitive biases
- S0444: Skill in mitigating deception in reporting and analysis
- S0446: Skill in mimicking threat actors
- S0472: Skill in developing virtual machines
- S0473: Skill in maintaining virtual machines
- S0494: Skill in performing operational environment analysis
- S0503: Skill in selecting targets
- S0504: Skill in identifying vulnerabilities
- S0505: Skill in performing intrusion data analysis
- S0506: Skill in identifying customer information needs
- S0509: Skill in evaluating security products
- S0511: Skill in establishing priorities
- S0512: Skill in extracting metadata
- S0514: Skill in preparing operational environments
- S0515: Skill in identifying partner capabilities
- S0516: Skill in performing threat emulation tactics
- S0517: Skill in anticipating threats
- S0535: Skill in performing threat factor analysis
- S0537: Skill in designing wireless communications systems
- S0540: Skill in identifying network threats
- S0555: Skill in performing capabilities analysis
- S0556: Skill in performing requirements analysis
- S0579: Skill in preparing reports
- S0600: Skill in collecting relevant data from a variety of sources
- S0633: Skill in developing position qualification requirements
- S0673: Skill in translating operational requirements into security controls
- S0686: Skill in performing risk assessments
- S0693: Skill in assessing effects generated during and after cyber operations
- S0702: Skill in defining an operational environment
- S0704: Skill in performing target analysis
- S0709: Skill in developing analytics
- S0712: Skill in evaluating data source quality
- S0713: Skill in evaluating information quality
- S0718: Skill in identifying cybersecurity threats
- S0719: Skill in identifying intelligence gaps
- S0724: Skill in managing client relationships
- S0728: Skill in preparing briefings
- S0731: Skill in producing after-action reports
- S0748: Skill in querying data
- S0751: Skill in conducting open-source searches
- S0756: Skill in incorporating feedback
- S0765: Skill in converting intelligence requirements into intelligence production tasks
- S0777: Skill in developing collection strategies
- S0779: Skill in determining information requirements
- S0791: Skill in presenting to an audience
- S0801: Skill in assessing partner operations capabilities
- S0847: Skill in performing all-source intelligence analysis
- S0866: Skill in performing log file analysis
- S0869: Skill in performing metadata analysis
- S0876: Skill in performing nodal analysis
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)