I have spent some time working in the threat industry and through my own experience, I started getting interested in looking at things from a different perspective. There are great professionals and researchers in this area of cyber security however, it lacks cohesion. A higher degree of cohesion within as well as in other areas,…
Category: att&ck
Enterprise Threat Modeling and ATT&CK
After spending some time working with the ATT&CK threat model, which is primarily aimed at modeling threats from a systems perspective, I have been wondering what other frameworks are available to model threats from an organisational or business unit perspective and that can also support the integration with ATT&CK. The following document: Enterprise Threat Model…
Cyber Intelligence Tradecraft Report by Carnegie Mellon University
A few days ago through my network of contacts, I found this report about Cyber Intelligence trade-craft and its evolution in the United States. This report is absolutely mind-blowing with its 176 pages of research on the evolution, challenges and best practices in the evolving field of Cyber Intelligence. The recommended audience as defined by…
