This short, resource-filled blog post is a companion to a SANS Institute live stream from 2 June 2021.
About the speakers:
- Micah Hoffman (@WebBreacher) is the author of the SANS SEC487 OSINT (Open-Source Intelligence) course: https://sans.org/sec487
- Chris Crowley (@CCrowMontance) is the author of the SOC (Security Operations Center) Class: https://soc-class.com/
Abstract
Whether you are an analyst in a Security Operations Center (SOC) or an Open Source Intelligence (OSINT) investigator, your ability to logically and objectively analyze can make your final output invaluable to your stakeholders or, if done poorly, just another report that may never get read. Join SANS Senior Instructors Chris Crowley and Micah Hoffman as they help you understand sound data analysis and apply it in your daily activities.
Resources and Talking Points
Inductive versus Deductive Reasoning

Deductive reasoning is used more in scientific situations and has the following steps (from https://www.indeed.com/career-advice/career-development/scientific-method-steps):
- Ask a question
- Perform research
- Establish a hypothesis
- Test the hypothesis by conducting an experiment
- Make an observation
- Analyze the results and draw a conclusion
- Present the findings
Most OSINT investigations use inductive reasoning as the investigator moves through the steps of:
- Acquiring data
- Examining for patterns
- Creating tentative hypotheses based on identified patterns
- Creating a theory from the hypotheses
Morphological Analysis
Reference: https://science.sciencemag.org/content/163/3873/1317
“As a problem-structuring and problem-solving technique, morphological analysis was designed for multi-dimensional, non-quantifiable problems where causal modeling and simulation do not function well or at all. Zwicky developed this approach to address seemingly non-reducible complexity. Using the technique of cross consistency assessment (CCA) (Ritchey, 1998), the system however does allow for reduction, not by reducing the number of variables involved, but by reducing the number of possible solutions through the elimination of the illogical solution combinations in a grid box.”
https://psychology.wikia.org/wiki/Morphological_analysis
Logical Fallacy and Biases
Unsound thinking based upon illogical processing and analysis of data.
- Comprehensive list of fallacies: http://utminers.utep.edu/omwilliamson/ENGL1311/fallacies.htm
- List of biases: https://en.wikipedia.org/wiki/List_of_cognitive_biases
Professor Geert Hofstede’s Cultural Dimensions
- Organizational Culture: https://hi.hofstede-insights.com/organisational-culture
- National Culture: https://hi.hofstede-insights.com/national-culture

Richards Heuer’s Works
https://en.wikipedia.org/wiki/Richards_Heuer
- Psychology of Intelligence Analysis, free PDF: https://www.cia.gov/static/9a5f1162fd0932c29bfed1c030edf4ae/Pyschology-of-Intelligence-Analysis.pdf
- Structured Analytic Techniques for Intelligence Analysis, Amazon Affiliate link: https://amzn.to/3yWjUle
Analysis of Competing Hypotheses
https://en.wikipedia.org/wiki/Analysis_of_competing_hypotheses
- Works to refute/disprove hypotheses instead of confirming them
- Brainstorm alternative hypotheses or explanations for the data
The ACH example below is for an incident that may have occurred within a SOC.
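An ACH matrix for a constructed SOC incident, added here as an illustration; it is not the example shown in the live stream. The hypotheses, evidence items and ratings are assumptions, and the sensitivity check goes one step beyond the two bullets above, following Heuer's ACH procedure.

```python
# Constructed scenario: a workstation sends 2 GB to an unfamiliar external IP.
# Ratings per hypothesis: "C" consistent, "I" inconsistent, "N" neutral.
# Every hypothesis, evidence item and rating here is illustrative.
HYPOTHESES = ["H1 malware exfiltration", "H2 insider data theft",
              "H3 scheduled cloud backup", "H4 sensor false positive"]

EVIDENCE = {  # evidence -> ratings in HYPOTHESES order
    "E1 alert fired outside business hours":           ["C", "C", "C", "C"],
    "E2 no interactive logon at transfer time":        ["C", "I", "C", "N"],
    "E3 destination IP not in approved backup ranges": ["C", "C", "I", "N"],
    "E4 firewall and proxy logs both record the flow": ["C", "C", "C", "I"],
    "E5 unsigned binary created two days earlier":     ["C", "N", "I", "N"],
}


def inconsistency_scores(evidence, hypotheses):
    """Count 'I' ratings per hypothesis: ACH ranks by refutation, not support."""
    scores = {h: 0 for h in hypotheses}
    for ratings in evidence.values():
        for h, r in zip(hypotheses, ratings):
            scores[h] += (r == "I")
    return scores


def diagnostic_evidence(evidence):
    """Evidence rated identically for every hypothesis cannot separate them."""
    return [e for e, ratings in evidence.items() if len(set(ratings)) > 1]


def least_refuted(evidence, hypotheses):
    """Set of hypotheses with the fewest inconsistencies."""
    scores = inconsistency_scores(evidence, hypotheses)
    return {h for h in hypotheses if scores[h] == min(scores.values())}


def sensitivity(evidence, hypotheses):
    """Evidence whose removal changes the least-refuted set (conclusion rests on it)."""
    base = least_refuted(evidence, hypotheses)
    return [e for e in evidence if least_refuted(
        {k: v for k, v in evidence.items() if k != e}, hypotheses) != base]


if __name__ == "__main__":
    for h, s in sorted(inconsistency_scores(EVIDENCE, HYPOTHESES).items(),
                       key=lambda kv: kv[1]):
        print(f"{s} inconsistencies  {h}")
    print("Diagnostic:", diagnostic_evidence(EVIDENCE))
    print("Conclusion depends on:", sensitivity(EVIDENCE, HYPOTHESES))
```

E1 fits every hypothesis, so it contributes nothing to the ranking however strongly it seems to confirm a favoured explanation.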

