SecProve
Pillar A: CybersecurityA22

Information Operations & Cognitive Security

Influence operations, cognitive warfare, counter-intelligence, OSINT/SOCMINT, PSYOP/MISO, foreign malign influence, hack-and-leak operations, narrative warfare, DISARM framework.

Practice A22 (89 questions)
Part of Pillar A: Cybersecurity · Cybersecurity groups the disciplines that share methods, tools, and threat models with Information Operations & Cognitive Security.

What is Information Operations & Cognitive Security?

Information operations and cognitive security represent the intersection of cybersecurity, intelligence, and human psychology. As nation-states, criminal organizations, and ideologically motivated groups increasingly weaponize information, the discipline has evolved from traditional propaganda analysis to encompass cyber-enabled influence campaigns, hack-and-leak operations, and AI-powered cognitive warfare.

Modern information operations leverage the full cyber toolkit — compromising targets to steal documents for strategic release, hijacking social media accounts to impersonate trusted voices, deploying bot networks to amplify narratives, and using deepfakes to fabricate evidence. The 2016 US election interference, the SolarWinds hack-and-leak strategy, and ongoing influence campaigns targeting elections worldwide have demonstrated that information operations are now a core component of geopolitical conflict.

Cognitive security — the emerging discipline of protecting individuals and societies from manipulation — draws on behavioral psychology, network analysis, content forensics, and platform integrity engineering. Frameworks like DISARM (formerly AMITT) provide structured taxonomies for analyzing influence operations, while organizations like the Global Disinformation Index and the Cognitive Security Institute are building the tools and methodologies defenders need.

Why it matters

Cyber attacks increasingly serve information warfare objectives. Understanding information operations is essential for security professionals who need to recognize when a breach is part of a larger influence campaign, not just a data theft.

Information operations bridge cybersecurity and national security. This domain connects threat intelligence (A8), AI-enabled disinformation (C10), security leadership (A18), and cyber-electronic warfare (A17) into a unified understanding of how adversaries use information as a weapon.

Layer 1

Govern & Direct

Set direction, own risk, shape policy, govern AI/quantum programs, work with people and narrative.

Other domains in this layer

A1Governance, Risk & ComplianceA18Security LeadershipA20Security Awareness & Human FactorsC7AI Governance & RiskD4Quantum-Safe Compliance
See how this layer connects to the rest of the domain map →

Standards and frameworks

DISARM Framework (Disinformation Analysis and Risk Management)DISARM Foundation
MITRE ATT&CK — Reconnaissance & Resource DevelopmentMITRE
EU EastStratCom — EUvsDisinfoEuropean Union
CISA Election Security ResourcesCISA

Curated resources

Authoritative sources we ground Information Operations & Cognitive Security questions in — frameworks, research, guides, and tools.

CISAframework

CISA Foreign Influence Operations and Disinformation

Federal hub for U.S. perspective on foreign influence ops, election integrity, and counter-disinformation guidance. Includes "rumor vs. reality" public briefings.

Atlantic Councilguide

Atlantic Council Digital Forensic Research Lab (DFRLab)

Open-source investigations of disinformation campaigns and information warfare. Methodology-forward — they publish their workflows, not just findings.

European External Action Serviceframework

EU EEAS — FIMI Threat Reports

EU's annual reports on Foreign Information Manipulation and Interference. Codifies the FIMI taxonomy increasingly used in EU policy discussions.

NATO StratCom COEguide

NATO Strategic Communications Centre of Excellence

NATO-accredited research center on strategic communications, information warfare, and influence operations. Publishes detailed case studies on hybrid-warfare campaigns from a defense perspective.

EU East StratCom Task Forceframework

EUvsDisinfo

EU-operated database of pro-Kremlin disinformation cases and analysis. The reference dataset for pro-Russia narrative tracking, with 17,000+ cataloged cases and weekly trend reports.

View all resources for A22

Certifications that signal this domain

Credentials whose blueprint meaningfully covers this domain. Core means centrally covered; also touched means present in the blueprint but not the primary focus.

Also touched

GCTIProfessional·GIAC / SANSOfficial page →

GIAC Cyber Threat Intelligence

Structured threat intel production, ATT&CK, analytic tradecraft.

Browse all certifications → — pick a cert on the interactive map to highlight every domain it covers.

Education and certifications

Active Measures: The Secret History of Disinformation and Political Warfarebook
Thomas Rid·intermediate
SANS SEC487: Open-Source Intelligence (OSINT) Gathering and Analysiscertification
SANS·intermediate
Stanford Internet Observatory Cyber Policy Centercourse
Stanford University·advanced
Messing with the Enemy: Surviving in a Social Media World of Hackers, Terrorists, Russians, and Fake Newsbook
Clint Watts·beginner
Bellingcat's Online Investigation Toolkitcourse
Bellingcat·beginner

More in Cybersecurity

A1

Governance, Risk & Compliance

A2

Network Security

A3

Zero Trust Architecture

A4

Application Security

A5

Cloud Security

A6

Identity & Access Management

Test what you know about Information Operations & Cognitive Security

89 questions available. Beginner to expert questions, scored against the global leaderboard.

Start a QuizSign Up Free