Target Analysis
Responsible for conducting target development at the system, component, and entity levels. Builds and maintains electronic target folders to include inputs from environment preparation and/or internal or external intelligence sources. Coordinates with partner target working groups and intelligence community members, and presents candidate targets for vetting and validation. Assesses and reports on damage resulting from the application of military force and coordinates federal support as required.
- T0624: Conduct target research and analysis
- T0650: Determine what technologies are used by a given target
- T0684: Estimate operational effects generated through cyber activities
- T0707: Generate requests for information
- T0717: Identify critical target elements
- T0718: Identify intelligence gaps and shortfalls
- T0744: Maintain target lists (i.e., RTL, JTL, CTL, etc.)
- T0769: Perform targeting automation activities
- T0776: Produce target system analysis products
- T0778: Profile targets and their activities
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1030: Estimate the impact of collateral damage
- T1032: Determine cyber operation objectives
- T1035: Determine how threat activity groups employ encryption to support their operations
- T1042: Acquire target identifiers
- T1053: Identify and characterize intrusion activities against a victim or target
- T1054: Scope analysis reports to various audiences that accounts for data sharing classification restrictions
- T1055: Determine if priority information requirements are satisfied
- T1084: Identify anomalous network activity
- T1085: Identify potential threats to network resources
- T1118: Identify vulnerabilities
- T1119: Recommend vulnerability remediation strategies
- T1489: Correlate incident data
- T1629: Prepare target analysis reports
- T1638: Recommend cyber operation targets
- T1642: Advise stakeholders on course of action development
- T1648: Develop performance success metrics
- T1653: Build electronic target folders
- T1654: Maintain electronic target folders
- T1661: Assess all-source data for intelligence or vulnerability value
- T1683: Vet targets with partners
- T1697: Prepare all-source intelligence targeting reports
- T1707: Prepare munitions effectiveness assessment reports
- T1754: Initiate requests to guide tasking
- T1782: Develop website characterizations
- T1789: Provide aim point recommendations for targets
- T1790: Provide reengagement recommendations
- T1796: Determine effectiveness of targeting activities
- T1801: Determine validity and relevance of information
- T1814: Protect information sources and methods
- T1824: Identify cyber collateral damage
- T1825: Document cyber collateral damage
- T1835: Determine if intelligence requirements and collection plans are accurate and up-to-date
- K0018: Knowledge of encryption algorithms
- K0480: Knowledge of malware
- K0551: Knowledge of targeting cycles
- K0655: Knowledge of intelligence fusion
- K0658: Knowledge of cognitive biases
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0689: Knowledge of network infrastructure principles and practices
- K0697: Knowledge of encryption algorithm capabilities and applications
- K0716: Knowledge of host access control (HAC) systems and software
- K0717: Knowledge of network access control (NAC) systems and software
- K0718: Knowledge of network communications principles and practices
- K0719: Knowledge of human-computer interaction (HCI) principles and practices
- K0732: Knowledge of intrusion detection tools and techniques
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0766: Knowledge of data asset management principles and practices
- K0773: Knowledge of telecommunications principles and practices
- K0786: Knowledge of physical computer components
- K0787: Knowledge of computer peripherals
- K0792: Knowledge of network configurations
- K0812: Knowledge of digital communication systems and software
- K0815: Knowledge of intelligence collection management processes
- K0818: Knowledge of new and emerging cybersecurity risks
- K0825: Knowledge of threat vector characteristics
- K0831: Knowledge of network attack vectors
- K0844: Knowledge of cyber attack stages
- K0845: Knowledge of cyber intrusion activity phases
- K0857: Knowledge of malware analysis tools and techniques
- K0860: Knowledge of malware signature principles and practices
- K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
- K0915: Knowledge of network architecture principles and practices
- K0916: Knowledge of malware analysis principles and practices
- K0925: Knowledge of wireless communication tools and techniques
- K0926: Knowledge of signal jamming tools and techniques
- K0960: Knowledge of content management system (CMS) capabilities and applications
- K0962: Knowledge of targeting laws and regulations
- K0963: Knowledge of exploitation laws and regulations
- K0968: Knowledge of analytic standards and frameworks Skill in assigning analytical confidence ratings
- K0969: Knowledge of cyber-attack tools and techniques
- K0983: Knowledge of computer networking principles and practices
- K0984: Knowledge of web security principles and practices
- K0986: Knowledge of target selection criticality factors
- K0987: Knowledge of target selection vulnerability factors
- K0989: Knowledge of intelligence information repositories
- K0990: Knowledge of cyber operations principles and practices
- K0994: Knowledge of denial and deception tools and techniques
- K0995: Knowledge of dynamic targeting principles and practices
- K0996: Knowledge of deliberate targeting principles and practices
- K1002: Knowledge of supervisory control and data acquisition (SCADA) systems and software
- K1003: Knowledge of targeting governing authorities
- K1005: Knowledge of intelligence collection capabilities and applications
- K1006: Knowledge of intelligence cycle principles and practices
- K1008: Knowledge of intelligence support activities
- K1009: Knowledge of threat intelligence principles and practices
- K1010: Knowledge of intelligence policies and procedures
- K1011: Knowledge of network addressing principles and practices
- K1012: Knowledge of malware characteristics
- K1014: Knowledge of network security principles and practices
- K1017: Knowledge of operational effectiveness assessment principles and practices
- K1019: Knowledge of operations security (OPSEC) principles and practices
- K1023: Knowledge of network exploitation tools and techniques
- K1028: Knowledge of target development principles and practices
- K1035: Knowledge of target research tools and techniques
- K1040: Knowledge of target estimated recovery times
- K1042: Knowledge of target selection policies and procedures
- K1049: Knowledge of routing protocols
- K1059: Knowledge of request for information processes
- K1064: Knowledge of Request For Information (RFI) processes
- K1066: Knowledge of threat behaviors
- K1067: Knowledge of target behaviors
- K1068: Knowledge of threat systems and software
- K1100: Knowledge of analytical tools and techniques
- K1101: Knowledge of analytics
- K1104: Knowledge of geospatial data analysis tools and techniques
- K1106: Knowledge of targeting databases
- K1107: Knowledge of targeting systems and software
- K1109: Knowledge of virtual collaborative workspace tools and techniques
- K1167: Knowledge of information sanitization methods
- K1232: Knowledge of targeting products
- S0111: Skill in interfacing with customers
- S0194: Skill in conducting non-attributable research
- S0208: Skill in determining the physical location of network devices
- S0248: Skill in performing target system analysis
- S0375: Skill in developing information requirements
- S0385: Skill in communicating complex concepts
- S0430: Skill in collaborating with others
- S0433: Skill in creating analytics
- S0434: Skill in extrapolating from incomplete data sets
- S0435: Skill in analyzing large data sets
- S0436: Skill in creating target intelligence products
- S0438: Skill in functioning effectively in a dynamic, fast-paced environment
- S0443: Skill in mitigating cognitive biases
- S0444: Skill in mitigating deception in reporting and analysis
- S0494: Skill in performing operational environment analysis
- S0497: Skill in developing client organization profiles
- S0503: Skill in selecting targets
- S0504: Skill in identifying vulnerabilities
- S0505: Skill in performing intrusion data analysis
- S0506: Skill in identifying customer information needs
- S0509: Skill in evaluating security products
- S0511: Skill in establishing priorities
- S0512: Skill in extracting metadata
- S0514: Skill in preparing operational environments
- S0515: Skill in identifying partner capabilities
- S0534: Skill in developing target lists
- S0535: Skill in performing threat factor analysis
- S0537: Skill in designing wireless communications systems
- S0566: Skill in developing signatures
- S0567: Skill in deploying signatures
- S0600: Skill in collecting relevant data from a variety of sources
- S0610: Skill in communicating effectively
- S0673: Skill in translating operational requirements into security controls
- S0693: Skill in assessing effects generated during and after cyber operations
- S0696: Skill in conducting deep web research
- S0702: Skill in defining an operational environment
- S0704: Skill in performing target analysis
- S0709: Skill in developing analytics
- S0712: Skill in evaluating data source quality
- S0713: Skill in evaluating information quality
- S0714: Skill in performing fusion analysis
- S0718: Skill in identifying cybersecurity threats
- S0719: Skill in identifying intelligence gaps
- S0728: Skill in preparing briefings
- S0740: Skill in creating target materials
- S0744: Skill in performing technical writing
- S0748: Skill in querying data
- S0750: Skill in applying geospatial resources
- S0751: Skill in conducting open-source searches
- S0756: Skill in incorporating feedback
- S0777: Skill in developing collection strategies
- S0779: Skill in determining information requirements
- S0780: Skill in fulfilling information requests
- S0791: Skill in presenting to an audience
- S0801: Skill in assessing partner operations capabilities
- S0802: Skill in assessing partner intelligence processes
- S0847: Skill in performing all-source intelligence analysis
- S0866: Skill in performing log file analysis
- S0869: Skill in performing metadata analysis
- S0876: Skill in performing nodal analysis
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)