What is CTIA?
Certified Threat Intelligence Analyst (C|TIA) is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive, specialist-level program that teaches a structured approach for building effective threat intelligence.
Become a Certified Threat Intelligence Analyst
In the ever-changing threat landscape, C|TIA is an essential program for those who deal with cyber threats on a daily basis. Organizations today demand a professional-level cybersecurity threat intelligence analyst who can extract intelligence from data by applying various advanced strategies. Such professional-level programs can only be achieved when the core of the curriculum maps to, and is compliant with, threat intelligence frameworks published by government and industry.
C|TIA is a method-driven program that uses a holistic approach, covering concepts from planning the threat intelligence project, to building a report, to disseminating threat intelligence. These concepts are essential when building effective threat intelligence and, when used properly, can secure organizations from future threats or attacks.
Certification Target Audience
This program addresses all the stages involved in the Threat Intelligence Life Cycle. This attention to a realistic and forward-looking approach makes C|TIA one of the most comprehensive threat intelligence certifications on the market today. The program provides the solid, professional knowledge that is required for a career in threat intelligence, and enhances your skills as a Threat Intelligence Analyst, increasing your employability. It is sought after by cybersecurity engineers, analysts, and professionals from around the world and is respected by hiring authorities.
The purpose of the CTIA credential is to:
Enable individuals and organizations to prepare and run a threat intelligence program that produces ‘evidence-based knowledge’ and provides ‘actionable advice’ about ‘existing and unknown threats’.
Empower information security professionals with the skills to develop a professional, systematic, and repeatable real-life threat intelligence program.
Differentiate threat intelligence professionals from other information security professionals.
For individuals: provide the invaluable ability to produce structured threat intelligence, enhancing their skills and boosting their employability.
Ethical hacking is often described as the process of penetrating one’s own computer(s), or computers one has official permission to test, in order to determine whether vulnerabilities exist and to undertake preventive, corrective, and protective countermeasures before an actual compromise of the system takes place.
Exam Information
The CTIA exam (Prefix 312-85) is available at the ECC Exam Center. EC-Council reserves the right to revoke the certification status of candidates who do not comply with all EC-Council examination policies.
CTIA Exam Details
Exam Duration: 2 Hours
Number of Questions: 50
CTIA Blueprint
Clause: Age Requirements and Policies Concerning Minors
Attending the training or attempting the exam is restricted to candidates who are at least 18 years old.
If the candidate is under the age of 18, they are not eligible to attend the official training or to attempt the certification exam unless they provide the accredited training center/EC-Council with the written consent of their parent/legal guardian and a supporting letter from their institution of higher learning. Only applicants from nationally accredited institutions of higher learning shall be considered.
Disclaimer: EC-Council reserves the right to impose additional restrictions to comply with this policy. Failure to act in accordance with this clause shall render the authorized training center in violation of its agreement with EC-Council. EC-Council reserves the right to revoke the certification of any person in breach of this requirement.
1. Introduction to Threat Intelligence
1.1 Understanding Intelligence
1. Definition of Intelligence and Its Essential Terminology
2. Intelligence vs. Information vs. Data
3. Intelligence-Led Security Testing (Background and Reasons)
1.2 Understanding Cyber Threat Intelligence
1. Definition of Cyber Threat Intelligence
2. Stages of Cyber Threat Intelligence
3. Characteristics of Threat Intelligence
4. Benefits of Cyber Threat Intelligence
5. Enterprise Objectives for Threat Intelligence Programs
6. How Can Threat Intelligence Help Organizations?
7. Types of Threat Intelligence
7.1 Strategic Threat Intelligence
7.2 Tactical Threat Intelligence
7.3 Operational Threat Intelligence
7.4 Technical Threat Intelligence
8. Threat Intelligence Generation
9. Threat Intelligence Informed Risk Management
10. Integration of Threat Intelligence into SIEM
11. Leverage Threat Intelligence for Enhanced Incident Response
11.1 Enhancing Incident Response by Establishing SOPs for Threat Intelligence
12. Organizational Scenarios Using Threat Intelligence
13. What Do Organizations and Analysts Expect?
14. Common Information Security Organization Structure
14.1 Responsibilities of Cyber Threat Analyst
15. Threat Intelligence Use Cases
1.3 Overview of Threat Intelligence Lifecycle and Frameworks
1. Threat Intelligence Lifecycle
2. Role of Threat Analyst in Threat Intelligence Lifecycle
3. Threat Intelligence Strategy
4. Threat Intelligence Capabilities
5. Capabilities to Look for in Threat Intelligence Solution
6. Threat Intelligence Maturity Model
7. Threat Intelligence Frameworks
7.1 Collective Intelligence Framework (CIF)
7.2 CrowdStrike Cyber Threat Intelligence Solution
7.3 NormShield Threat and Vulnerability Orchestration
7.4 MISP – Open-Source Threat Intelligence Platform
7.5 TC Complete™
7.6 Yeti
7.7 ThreatStream
8. Additional Threat Intelligence Frameworks
2. Cyber Threats and Kill Chain Methodology
2.1 Understanding Cyber Threats
1. Overview of Cyber Threats
2. Cyber Security Threat Categories
3. Threat Actors/Profiling the Attacker
4. Threat: Intent, Capability, Opportunity Triad
5. Motives, Goals, and Objectives of Cyber Security Attacks
6. Hacking Forums
2.2 Understanding Advanced Persistent Threats
1. Definition of Advanced Persistent Threats
2. Characteristics of Advanced Persistent Threats
3. Advanced Persistent Threat Lifecycle
2.3 Understanding Cyber Kill Chain
1. Cyber Kill Chain Methodology
2. Tactics, Techniques, and Procedures
3. Adversary Behavioral Identification
4. Kill Chain Deep Dive Scenario – Spear Phishing
2.4 Understanding Indicators of Compromise
1. Indicators of Compromise
2. Why Are Indicators of Compromise Important?
3. Categories of Indicators of Compromise
4. Key Indicators of Compromise
5. Pyramid of Pain
3. Requirements, Planning, Direction, and Review
3.1 Understanding Organization’s Current Threat Landscape
1. Identify Critical Threats to the Organization
2. Assess Organization’s Current Security Pressure Posture
2.1 Assess Current Security Team’s Structure and Competencies
2.2 Understand Organization’s Current Security Infrastructure and Operations
3. Assess Risks for Identified Threats
3.2 Understanding Requirements Analysis
1. Map Out Organization’s Ideal Target State
2. Identify Intelligence Needs and Requirements
3. Define Threat Intelligence Requirements
3.1 Threat Intelligence Requirement Categories
4. Business Needs and Requirements
4.1 Business Units, Internal Stakeholders, and Third Parties
4.2 Other Teams
5. Intelligence Consumers Needs and Requirements
6. Priority Intelligence Requirements
7. Factors for Prioritizing Requirements
8. MoSCoW Method for Prioritizing Requirements
9. Prioritize Organizational Assets
10. Scope of the Threat Intelligence Program
11. Rules of Engagement
12. Non-disclosure Agreements
13. Avoid Common Threat Intelligence Pitfalls
3.3 Planning a Threat Intelligence Program
1. Prepare People, Processes, and Technology
2. Develop a Collection Plan
3. Schedule a Threat Intelligence Program
4. Plan a Budget
5. Develop a Communication Plan to Update Progress to Stakeholders
6. Aggregate Threat Intelligence
7. Select a Threat Intelligence Platform
8. Consuming Intelligence for Different Goals
9. Track Metrics to Keep Stakeholders Informed
3.4 Establishing Management Support
1. Prepare Project Charter and Policy to Formalize the Initiative
1.1 Establish Your Case to Management for a Threat Intelligence Program
1.2 Apply a Strategic Lens to the Threat Intelligence Program
3.5 Building a Threat Intelligence Team
1. Satisfy Organizational Gaps with the Appropriate Threat Intelligence Team
1.1 Understand different Threat Intelligence Roles and Responsibilities
1.2 Identify Core Competencies and Skills
1.3 Define Talent Acquisition Strategy
1.4 Building and Positioning an Intelligence Team
1.5 How to Prepare an Effective Threat Intelligence Team
3.6 Overview of Threat Intelligence Sharing
1. Establishing Threat Intelligence Sharing Capabilities
2. Considerations for Sharing Threat Intelligence
3. Sharing Intelligence with Variety of Organizations
4. Types of Sharing Partners
5. Important Selection Criteria for Partners
6. Sharing Intelligence Securely
3.7 Reviewing Threat Intelligence Program
1. Threat Intelligence-Led Engagement Review
2. Considerations for Reviewing Threat Intelligence Program
3. Assessing the Success and Failure of the Threat Intelligence Program
4. Data Collection and Processing
4.1 Overview of Threat Intelligence Data Collection
1. Introduction to Threat Intelligence Data Collection
2. Data Collection Methods
3. Types of Data
4. Types of Threat Intelligence Data Collection
4.2 Overview of Threat Intelligence Collection Management
1. Understanding Operational Security for Data Collection
2. Understanding Data Reliability
3. Ensuring Intelligence Collection Methods Produce Actionable Data
4. Validate the Quality and Reliability of Third-Party Intelligence Sources
5. Establish Collection Criteria for Prioritization of Intelligence Needs and Requirements
6. Building a Threat Intelligence Collection Plan
4.3 Overview of Threat Intelligence Feeds and Sources
1. Threat Intelligence Feeds
2. Threat Intelligence Sources
4.4 Understanding Threat Intelligence Data Collection and Acquisition
1. Threat Intelligence Data Collection and Acquisition
2. Data Collection through Open-Source Intelligence (OSINT)
2.1 Data Collection through Search Engines
2.2 Data Collection through Web Services
2.3 Data Collection through Website Footprinting
2.4 Data Collection through Emails
2.5 Data Collection through Whois Lookup
2.6 Data Collection through DNS Interrogation
2.7 Automating OSINT Effort Using Tools/Frameworks/Scripts
3. Data Collection through Human Intelligence (HUMINT)
3.1 Data Collection through Human-based Social Engineering Techniques
3.2 Data Collection through Interviewing and Interrogation
3.3 Social Engineering Tools
4. Data Collection through Cyber Counterintelligence (CCI)
4.1 Data Collection through Honeypots
4.2 Data Collection through Passive DNS Monitoring
4.3 Data Collection through Pivoting Off Adversary’s Infrastructure
4.4 Data Collection through Malware Sinkholes
4.5 Data Collection through YARA Rules
5. Data Collection through Indicators of Compromise (IoCs)
5.1 IoC Data Collection through External Sources
5.2 IoC Data Collection through Internal Sources
5.3 Tools for IoC Data Collection through Internal Sources
5.4 Data Collection through Building Custom IoCs
5.5 Tools for Building Custom IoCs
5.6 Steps for Effective Usage of Indicators of Compromise (IoCs) for Threat Intelligence
6. Data Collection through Malware Analysis
6.1 Preparing Testbed for Malware Analysis
6.2 Data Collection through Static Malware Analysis
6.3 Data Collection through Dynamic Malware Analysis
6.4 Malware Analysis Tools
6.5 Tools for Malware Data Collection
4.5 Understanding Bulk Data Collection
1. Introduction to Bulk Data Collection
2. Forms of Bulk Data Collection
3. Benefits and Challenges of Bulk Data Collection
4. Bulk Data Management and Integration Tools
4.6 Understanding Data Processing and Exploitation
1. Threat Intelligence Data Collection and Acquisition
2. Introduction to Data Processing and Exploitation
3. Structuring/Normalization of Collected Data
4. Data Sampling
4.1 Types of Data Sampling
5. Storing and Data Visualization
6. Sharing the Threat Information
5. Data Analysis
5.1 Overview of Data Analysis
1. Introduction to Data Analysis
2. Contextualization of Data
3. Types of Data Analysis
5.2 Understanding Data Analysis Techniques
1. Statistical Data Analysis
1.1 Data Preparation
1.2 Data Classification
1.3 Data Validation
1.4 Data Correlation
1.5 Data Scoring
1.6 Statistical Data Analysis Tools
2. Analysis of Competing Hypotheses
2.1 Hypothesis
2.2 Evidence
2.3 Diagnostics
2.4 Refinement
2.5 Inconsistency
2.6 Sensitivity
2.7 Conclusions and Evaluation
3. ACH Tool
3.1 PARC ACH
4. Structured Analysis of Competing Hypotheses
5. Other Data Analysis Methodologies
5.3 Overview of Threat Analysis
1. Introduction to Threat Analysis
2. Types of Threat Intelligence Analysis
5.4 Understanding the Threat Analysis Process
1. Threat Analysis Process and Responsibilities
2. Threat Analysis Based on Cyber Kill Chain Methodology
3. Aligning the Defensive Strategies with the Phases of the Cyber Kill Chain Methodology
4. Perform Threat Modeling
4.1 Asset Identification
4.2 System Characterization
4.3 System Modeling
4.4 Threat Determination and Identification
4.5 Threat Profiling and Attribution
4.6 Threat Ranking
4.7 Threat Information Documentation
5. Threat Modeling Methodologies
5.1 STRIDE
5.2 PASTA
5.3 TRIKE
5.4 VAST
5.5 DREAD
5.6 OCTAVE
6. Threat Modeling Tools
6.1 Microsoft Threat Modelling Tool
6.2 ThreatModeler
6.3 securiCAD Professional
6.4 IriusRisk
7. Enhance Threat Analysis Process with the Diamond Model Framework
8. Enrich the Indicators with Context
9. Validating and Prioritizing Threat Indicators
5.5 Overview of Fine-Tuning Threat Analysis
1. Fine-Tuning Threat Analysis
2. Identifying and Removing Noise
3. Identifying and Removing Logical Fallacies
4. Identifying and Removing Cognitive Biases
5. Automate Threat Analysis Processes
6. Develop Criteria for Threat Analysis Software
7. Employ Advanced Threat Analysis Techniques
7.1 Machine Learning-Based Threat Analysis
7.2 Cognitive-Based Threat Analysis
5.6 Understanding Threat Intelligence Evaluation
1. Threat Intelligence Evaluation
2. Threat Attribution
5.7 Creating Runbooks and Knowledge Base
1. Developing Runbooks
2. Create an Accessible Threat Knowledge Base
3. Organize and Store Cyber Threat Information in Knowledge Base
5.8 Overview of Threat Intelligence Tools
1. Threat Intelligence Tools
1.1 AlienVault® USM® Anywhere
1.2 IBM X-Force Exchange
1.3 ThreatConnect
1.4 SurfWatch Threat Analyst
1.5 AutoFocus
1.6 Additional Threat Intelligence Tools
6. Intelligence Reporting and Dissemination
6.1 Overview of Threat Intelligence Reports
1. Threat Intelligence Reports
2. Types of Cyber Threat Intelligence Reports
2.1 Threat Analysis Reports
2.2 Threat Landscape Reports
3. Generating Concise Reports
4. Threat Intelligence Report Template
5. How to Maximize the Return from Threat Intelligence Report
6. Continuous Improvement via Feedback Loop
7. Report Writing Tools
7.1 MagicTree
7.2 KeepNote
6.2 Introduction to Dissemination
1. Overview of Dissemination
2. Preferences for Dissemination
3. Benefits of Sharing Intelligence
4. Challenges to Intelligence Sharing
5. Disseminate Threat Intelligence Internally
6. Building Blocks for Threat Intelligence Sharing
7. Begin Intelligence Collaboration
8. Establish Information Sharing Rules
9. Information Sharing Model
10. Information Exchange Types
11. TI Exchange Architectures
12. TI Sharing Quality
13. Access Control on Intelligence Sharing
14. Intelligence Sharing Best Practices
6.3 Participating in Sharing Relationships
1. Why Are Sharing Communities Formed?
2. Join a Sharing Community
3. Factors to be Considered When Joining a Community
4. Engage in Ongoing Communication
5. Consume and Respond to Security Alerts
6. Consume and Use Indicators
7. Produce and Publish Indicators
8. External Intelligence Sharing
9. Establishing Trust
10. Organizational Trust Models
6.4 Overview of Sharing Threat Intelligence
1. Sharing Strategic Threat Intelligence
2. Sharing Tactical Threat Intelligence
3. Sharing Operational Threat Intelligence
4. Sharing Technical Threat Intelligence
5. Sharing Intelligence Using YARA Rules
6. IT-ISAC (Information Technology – Information Sharing and Analysis Center)
6.5 Overview of Delivery Mechanisms
1. Forms of Delivery
2. Machine-Readable Threat Intelligence
3. Standards and Formats for Sharing Threat Intelligence
3.1 Traffic Light Protocol (TLP)
3.2 MITRE Standards
3.3 Managed Incident Lightweight Exchange (MILE)
3.4 VERIS
3.5 IDMEF
6.6 Understanding Threat Intelligence Sharing Platforms
1. Information Sharing and Collaboration Platforms
1.1 Blueliv Threat Exchange Network
1.2 Anomali STAXX
1.3 MISP (Malware Information Sharing Platform)
1.4 Cyware Threat Intelligence eXchange (CTIX)
1.5 Soltra Edge
1.6 Information Sharing and Collaboration Platforms
6.7 Overview of Intelligence Sharing Acts and Regulations
1. Cyber Intelligence Sharing and Protection Act (CISPA)
2. Cybersecurity Information Sharing Act (CISA)
6.8 Overview of Threat Intelligence Integration
1. Integrating Threat Intelligence
2. How to Integrate CTI into the Environment
3. Acting on the Gathered Intelligence
4. Tactical Intelligence Supports IT Operations: Blocking, Patching, and Triage
5. Operational Intelligence Supports Incident Response: Fast Reaction and Remediation
6. Strategic Intelligence Supports Management: Strategic Investment and Communications
QUESTION 1
Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He performs hacking to obtain confidential data such as social security numbers, personally identifiable information (PII) of employees, and credit card information. After obtaining the confidential data, he sells the information on the black market to make money.
Daniel comes under which of the following types of threat actor?
A. Industrial spies
B. State-sponsored hackers
C. Insider threat
D. Organized hackers
Correct Answer: D
QUESTION 2
An attacker instructs bots to use a camouflage mechanism to hide his phishing and malware delivery locations within a rapidly changing network of compromised bots. In this particular technique, a single domain name resolves to multiple IP addresses.
Which of the following techniques is used by the attacker?
A. DNS zone transfer
B. Dynamic DNS
C. DNS interrogation
D. Fast-Flux DNS
Correct Answer: D
QUESTION 3
Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she uses the Traffic Light Protocol (TLP).
Which TLP color signifies that information should be shared only within a particular community?
A. Red
B. White
C. Green
D. Amber
Correct Answer: D