Xmind is a fantastic tool for creating mindmaps and diagrams. They tout themselves as “the most professional mind map software”. While I can’t endorse that, I can say that Xmind has been an incredibly useful addition to my workflow. (Don’t care about the rationale, just want the template? I’m a visual person. Pictures help me think. My notebooks (yes, physical notebooks) are filled with doodles, ideas, and reminders from team meetings and long train rides. For years I’ve wanted to take what I do on paper and do the same on-screen. Unfortunately I haven’t had much luck. Tools like Google Drawings (part of Google Drive) and Microsoft Office’s SmartArt have gotten me close, but more often than not, I spend too much time fussing over how things look. I came across Xmind while digging through Google search results for mindmapping tools. Xmind caught my attention for three reasons: With that in mind, I put Xmind to task on something that usually takes me too long: scoping out a website project.
The NOSE Pattern of Persuasive Structure is something I was introduced to in the book Persuasive Business Proposals. This is what I shared on the Advanced WordPress group: Just tried something a bit different… put together a proposal for a small project using Xmind (http://www.xmind.net/). Visualized all the dependencies (design/functional/content), the budget (expenses/hourly rate), and the schedule, in a mind map. Made notes on everything. Exported into a document, did some formatting in Google Docs, and sent it off as a PDF to the potential client. The process could definitely use some refinement, but this was the first time I’ve tried this approach, and it was *fast*. This structure follows the NOSE pattern. Here’s how I did it. For this we’re just using a basic map with six nodes, one for each component of our project: Project Goals are specific objectives for the project. These are based on both the Needs and Outcomes of the NOSE model. The Content Sitemap is a simple overview of the pages, sections, or post types on the site.
I like to follow the WordPress template hierarchy as much as possible. The Functional Requirements are things that site users should be able to do on the site. For simplicity’s sake I’ll include plugin requirements here as well. Design Requirements are the last of our Requirements map, and address the look and feel of the site. Collectively, these requirements map out our Solutions in the NOSE model. Budget details the cost breakdown. Are you charging per component or per phase? With the small-budget projects that I work on as a developer, the budget is usually split between labour (my time) and itemized costs (plugins, hosting, domain registration, and other products or services). It may be different for you. Timelines give your client an idea of how the project will proceed. In my case, I prefer to work through weekly phases/milestones. TIP: Take note of the Outline panel. When it comes time to export your mind map, your sections will follow the outline order.
Once we’ve added a separate node for each of our project components, we can start adding notes. This makes up the bulk of content in our proposal. Xmind provides a separate Notes panel that you can use to enter formatted text. Markers are icons that can help communicate ideas very quickly. There are some basic markers that ship with Xmind, and you can add custom ones. With notes and markers added, here’s what a simple structure looks like: Once you’ve added notes and markers to all of the requirements and components of your map, it’s time to export. Since I’m on the free version, I’m going to export to HTML. This does two things: You can customize a number of settings during the Export step. The next part is easy. Just copy the entire page into the app of your choice! With your content now taken care of, you can focus on the aesthetics: formatting text, adding additional details, and so on. In this case, I’m using Microsoft Word 2013.
We’ve made this template available on the Xmind library. Feel free to use it! Chances are we’ll be making more like this in the future:When handling a large-scale intrusion, incident responders often struggle with obtaining and organizing the intelligence related to the actions taken by the intruder and the targeted organization. Examining all aspects of the event and communicating with internal and external constituents is quite a challenge in such strenuous circumstances.The following template for a Threat Intelligence and Incident Response Report aims to ease this burden. It provides a framework for capturing the key details and documenting them in a comprehensive, well-structured manner.This template leverages several models in the cyber threat intelligence (CTI) domain, such as the Intrusion Kill Chain, Campaign Correlation, the Courses of Action Matrix and the Diamond Model. The use of these frameworks helps guide threat intelligence gathering efforts and inform incident response actions.
If you’re not familiar with this approach, read the papers Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains and The Diamond Model of Intrusion Analysis. This methodology is discussed in depth in the SANS Institute course FOR578: Cyber Threat Forensics.Read the following explanation to understand the template’s structure and methodology, so you can start learning how to use it.Structure of the ReportThe Threat Intelligence and Incident Response Report describes the actions taken by the adversary and the incident responder in the context of a large-scale intrusion. If relevant, it also references other intrusions that might comprise the larger campaign. The template below includes the following sections:The Adversary’s Actions and Tactics: Making use of the Diamond Model methodology, this section asks the report author to describe the 4 key elements of the intrusion: the adversary itself, the infrastructure used as part of the attack, adversary’s capabilities and the victim.
The template invites the report author to categorize these attributes according to the 7 phrases of the malicious activities that comprise the intrusion kill chain.Courses of Action During Incident Response: Building upon the Courses of Action Matrix, this section asks the report author to describe the activities that the organization performed when responding to the intrusion. The template presents tips related to capturing the following types actions: Discover, detect, deny, disrupt, degrade, deceive and destroy. It provides placeholders for filling in details for these actions with respect to the applicable stages of the intrusion kill chain.Intrusion Campaign Analysis: This section gives the report author the opportunity to document the relationship between the intrusion and other incidents that, when taken together, form a campaign. The template offers guidance for capturing the indicators and behaviors shared across the intrusions within the campaign. It leaves room for outlining the commercial, geopolitical or other factors that might have motivated the adversary’s activities.
Using the Report TemplateThe Threat Intelligence and Incident Response Report template is comprehensive. As the result, creating a report on its basis requires rigor and patience, though not all sections of the template are applicable to all situations.Utilizing the template requires the report author to understand the above-mentioned threat intelligence frameworks, which include:The Intrusion Kill Chain framework defines 7 consecutive stages through which adversaries must progress to achieve their intrusion objectives. Interfering with any phase of the chain helps the defender to fend off the adversary.The Courses of Action matrix overlays the kill chain’s phases over 6 types of defensive actions that incident responders can take to break the chain. The defenders’ actions are based on the information available to them about each stage in the chain.The Diamond Model establishes 4 characteristics that incident responders can use to describe the intrusion. Each characteristic can be explained in terms of the kill chain’s phases to provide a comprehensive narrative of malicious actions and their effects.