- Vilius Benetis
- Rūta Jašinskiene
- Kristina Hojstricova
Intermediate
Event organizer(s)

Description
This hands-on training program is designed to equip participants from least developed countries (LDCs) and Small Island Developing States (SIDS) with practical analysis skills using MISP, one of the most widely adopted Threat Intelligence Platforms (TIP) in the field. MISP is a robust, open-source platform that organizations can use to store, share, and receive information about malware, threats, and vulnerabilities in a structured manner. Training will be delivered under the Cyber for Good project.
Participants will engage in discussions about the reasoning behind various CTI analysis tasks and explore real-world scenarios to understand how responder teams effectively leverage CTI through MISP. With a focus on intelligence sharing, including contributions to TIP, students will acquire critical knowledge about what information can be shared, the appropriate methods for sharing, and the right recipients, all tailored to specific objectives.
They will also learn how to extract valuable insights from intelligence feeds, develop strategic questions, create effective queries, and share intelligence to maximize organizational benefits.
Access to the MISP platform will be provided, allowing participants to practice and complete homework assignments designed to reinforce their learning.
This training course is intended for incident response specialists and managers from least developed countries (LDCs) and Small Island Developing States (SIDS) who are working in Security Operations Centers (SOC) or Computer Security Incident Response Teams (CSIRT) and use or are planning to use MISP, one of the most widely used Threat Intelligence Platforms (TIP) in the field.
The training courses are open for applications from all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female applicants, and applicants from developing countries (includes least developed countries, small island developing states, landlocked developing countries).
At least basic knowledge of cyber threat intelligence or an analyst job role.
Number of available places in the cohort: 30.
Upon completion of this course, participants will be able to:
- Use MISP for situational awareness and the most common cyber threat intelligence tasks
- More effectively compose search queries in CTI datasets
- Encode typical cyberthreat artifacts into MISP (e.g. scams, phishing, impersonation, technical attacks)
- Justify the creation/collection of own CTI datasets
The course consists of 3 modules and is divided into 2 online sessions lasting 5 hours daily with two 30-minute breaks.
Participants will be given access to the MISP CTI platform, where they will be able to not only complete the assignments, but also practice alongside the assignments to gain a better understanding of how it works and its benefits.
The first session ends with a practical task to be completed before the next session, and after the second session, participants are given several tasks to complete at their convenience within a week of the training. This will help them to reinforce the knowledge gained during the training and practice with MISP.
All necessary course materials and additional resources (if any) will be provided through the ITU Academy platform.
To ensure maximum engagement and retention, the 4MAT teaching methodology will be utilized in all sessions. This involves interactive discussions on a topic, practical exercises, discussions to identify learning points, and individual notetaking to reflect on relevant habits that can be changed moving forward. At the end of each day, a review will be conducted to reinforce the key takeaways.
Students will be graded on whether or not they have completed the assignments (80% of the total) and on their active participation in the lectures (max. 20% for lecture attendance).
Activity / Weighting (%)
- Practical assignment (homework_1) 40%
- Practical assignment (homework_2) 40%
- Active participation in lectures 20%
A total score higher than 70% is required to obtain the ITU certificate.
Module 1
- Sessions/Topics Covered: Introduction to CTI – where it fits according to CSIRT services framework
- Key Learning Points:
  - Examine the definition and purpose of Cyber Threat Intelligence and the Intelligence Lifecycle (direction, collection, processing, analysis, dissemination, evaluation).
  - Exemplify the CTI “location” in different service models – FIRST.org CSIRT services, SOC-CMM.
  - Outline what to expect from CTI and how it facilitates CSIRT operations.
- Training Activities Details: Lecturing, discussions
Module 2
- Sessions/Topics Covered: Value of CTI technology
- Key Learning Points:
  - Examine the MISP tool and interface
  - Practice searching in MISP
  - Analyze CTI Outputs and deliverables, MISP examples
  - Compare typical CTI samples to understand their practical applications.
- Training Activities Details: Lecturing, discussions, Practical assignment (semi-individual work)
Module 3
- Sessions/Topics Covered: CTI data modelling
- Key Learning Points:
  - Examine data structures of CTI – STIX, MISP Objects, Galaxies, Tags
  - Exercise encoding a simple threat intelligence instance
  - Utilize internal and external threat intelligence feeds within MISP.
- Training Activities Details: Lecturing, discussions, Practical assignment (homework)
Module 4
- Sessions/Topics Covered: Processes and workflows of Situational Awareness
- Key Learning Points:
  - Analyze typical activities and workflows of a CTI analyst
  - Solve challenges of a CTI analyst
  - Contrast how different organizations are using MISP and other CTI platforms
- Training Activities Details: Lecturing, discussions
Module 5
- Sessions/Topics Covered: Cyber events encoding into CTI platform
- Key Learning Points:
  - Validate methods to decompose different cyberthreat events (scam, phishing etc.) into data structures
  - Examine encoding scams and phishing into MISP
- Training Activities Details: Lecturing, discussions, Practical assignment (semi-individual work)
Module 6
- Sessions/Topics Covered: Sharing of CTI
- Key Learning Points:
  - Facilitate the exchange of Indicators of Compromise among trusted communities.
  - Compare different sharing models in MISP (private, community, public).
  - Configure secure sharing of CTI data with trusted partners.
- Training Activities Details: Lecturing, discussions, Practical assignments (homework)