
I keep trying to involve SATs (structured analytic techniques) in my daily cyber security analysis work. I also keep looking for ways to measure the improvement that SATs bring to the thinking process used to tackle or analyze cyber incidents.

There are really few publications on the topic with a direct relation to cyber security. One example I found was a book by Sarah Miller, "Cases in Intelligence Analysis: Structured Analytic Techniques". The book applies SATs to real-world incidents that happened in the past, using them as examples to illustrate the use of the techniques. The techniques used in the book are from another book, Structured Analytic Techniques, by Richards J. Heuer Jr. and Randolph H. Pherson.

Apart from the great time spent with the book, I found chapter 3 discusses cyber attacks on critical infrastructure. There were three techniques selected by the author:

  • Decomposition and visualization using “getting started checklist technique”
  • Assessment of Cause and Effect using “key assumptions check technique”
  • Challenge analysis using “devil’s advocacy technique”

Adding to the above three techniques, I found Analysis of Competing Hypotheses very much applicable to cyber security.

Getting started in SATs for cyber security using these techniques is a good step towards improving SOC personnel thinking; the challenge will remain in measuring the improvement.