UP TO 50% OFF on Combo Courses!

CTIA Course outline

Some organizations have the resources and skills to secure their IT infrastructure against security threats; however, many organizations cannot do so. Organizations have a state-of-the-art security software solution or pay thousands of dollars for security tools. Even after that, no organization is entirely secure. Certified Threat Intelligence Analyst (C|TIA) allows cybersecurity professionals to enhance their skills in building sufficient organizational cyber threat intelligence. It is a specialist-level program. CTIA is an examination that tests the individuals’ skills and prepares them to make useful threat intelligence in the organization.

CTIA course outline

Who is it for?

This course is designed for cybersecurity professionals who deal with cyber threats on a regular basis. People from the information security field and those who want to improve their knowledge and skills in the cyber threat intelligence domain, and individuals involved in preventing cyber threats can also benefit from this training program.


To sit for the CTIA certification exam, candidates must possess any one of the following criteria:

  • The candidate should have two years of experience in the cybersecurity field.
  • The candidates must attend EC-Council CTIA training from an accredited EC-Council Partner
Certification Name Certified Threat Intelligence Analyst
Exam Code Exam Code 312-85
Test Format Multiple-choice questions
Number of Questions 50
Test Duration 2 hours
Passing Score 70%

CTIA domains:

Domain 1: Introduction to Threat Intelligence

This domain carries 14% weightage in the exam. This domain gives an introduction to intelligence, threat intelligence, and the life cycle of threat intelligence. Intelligence is a process that utilizes information to analyze and respond to the emerging requirements of an organization. Intelligence converts “what” and “how” of the information into “why” and “when” of the problem-solving process.

Cyber threat intelligence defines as collecting and analyzing information about threats and adversaries and drawing patterns that can make knowledgeable decisions for the preparedness, prevention, and response action against various cyber-attacks. It helps the organization identify and mitigate various business risks by converting unknown risks to a known risk.

CTI life cycle is an interactive process of explaining the collection of raw data and its conversion into useful intelligence. The entire CTI life cycle directs towards understanding the need for threat intelligence for the organization, then planning to collect, process, and analyze to make it an actional intelligence, then sharing the same with TI consumers and taking feedback for improvement. This section also explains six phases of the CTI life cycle, which are as follows:

  1. 1-Direction
  2. 2-Collection
  3. 3-Processing
  4. 4-Analysis
  5. 5-Dissemination
  6. 6-Feedback

Domain 2: Cyber Threats and Kill Chain Methodology

This domain carries 14% weightage in the exam. This module sheds light on Cyber threats, Advanced Persistent Threats (APTs), and Indicators of Compromise (IoCs). A cyber threat is a harmful act that attempts to damage data, steal data, or disrupt digital life in general. Cyber-attacks include threats like computer viruses, data breaches, and Denial of Service (DoS) attacks. Advanced Persistent Threats (APTs) an attack focused on stealing information from the victim machine without the user being aware of it. Indicators of Compromise (IoCs) are forensic artifacts of an intrusion that can be identified on a host or network.

Domain 3: Requirements, Planning, Direction, and Review

This domain carries 16% weightage in the exam. In this domain, you will learn different things, which is necessary for a threat intelligence analyst. This domain is pretty light, but it explains new topics that improve the individuals’ skills and prepares them to make useful threat intelligence in the organization. The field also covers:

  • Understanding the Organization’s Current
  • Threat Landscape
  • Understanding Requirements Analysis
  • Planning Threat Intelligence Program
  • Establishing Management Support
  • Building a Threat Intelligence Team
  • Overview of Threat Intelligence Sharing
  • Reviewing Threat Intelligence Program

Domain 4: Data Collection and Processing

This domain carries 24% weightage in the exam. This domain plays an essential role in this course and has maximum weightage in the exam. This domain will explain how to collect data and process it into information that will be analyzed and converted into intelligence; if your data source is not correct or legitimate, it means that your overall threat intelligence is of no use. This domain also explains:

  • Overview of Threat Intelligence Data Collection
  • Overview of Threat Intelligence Collection Management
  • Overview of Threat Intelligence Feeds and Sources
  • Understanding Threat Intelligence Data Collection and Acquisition
  • Understanding Bulk Data Collection
  • Understanding Data Processing and Exploitation

Domain 5: Data Analysis:

This domain carries 18% weightage in the exam. This domain will help you understand how to combine the information and analyzing it to perform intelligence. Analysis of your intelligence should be objective(the overall purpose of threat intelligence should be a full sight), timely(you should get the intelligence on time), accurate, and actionable. This domain also explains:

  • Overview of Data Analysis
  • Understanding Data Analysis Techniques
  • Overview of Threat Analysis
  • Understanding Threat Analysis Process
  • Overview of Fine-Tuning Threat Analysis
  • Understanding Threat Intelligence Evaluation
  • Creating Runbooks and Knowledge Base
  • Overview of Threat Intelligence Tools


Domain 6: Dissemination and Reporting of Intelligence

This domain carries 14% weightage in the exam. This domain will explain how to deliver intelligence to different-different consumers(i.e., strategic, tactical, operational, and technical) at different levels and how to create a threat intelligence report. This domain also explains:

  • Overview of Threat Intelligence Reports
  • Introduction to Dissemination Participating in Sharing Relationships
  • Overview of Sharing Threat Intelligence
  • Overview of Delivery Mechanisms
  • Understanding Threat Intelligence Sharing Platforms
  • Overview of Intelligence Sharing Acts and Regulations
  • Overview of Threat Intelligence Integration 

Learning objective:

This Certified Threat Intelligence Analyst training and certification aim are:

  • Role of threat intelligence
  • Advanced Persistent Threat (APT) lifecycle
  • Types of data feeds and methods to collect data
  • Threat analysis process, including threat modeling, evaluation, fine-tuning, and creating a knowledge base
  • Types of TI exchange and threat intelligence sharing formats
  • Tools for threat intelligence, threat modeling, data analysis

Benefits of CTIA Training:

It focuses on improving the skills to implement different threat intelligence types such as strategic, operational, tactical, and technical threats for a particular organization. It describes the potential impact of malware and determines the threat actor; this is an important skill required for a threat intelligence analyst. The C|TIA labs consist of the latest OS (operating system), including Windows 10 and Kali Linux, to plan, collect, analyze, evaluate, and disseminate threat intelligence. The C|TIA also includes a library of tools, platforms, and frameworks required to extract useful organizational threat intelligence.

Why CTIA certification training with Infosec Train?

Infosec Train is one of the best consulting organizations, focusing on a range of IT security training and information security services. We provide the candidates with all the necessary skills and knowledge required to get through the CTIA certification exam. You can check and enroll in our CTIA Certification Training to prepare for the CTIA certification exam.


Aakanksha Tyagi ( )
Infosec Train
Aakanksha Tyagi is pursuing her Master's degree in Information Security and Management. She works with full dedication and enjoys working on Information Security blogs. Currently, Aakanksha is working as a content writer in Infosec Train.