Enterprise Threat Modeling and ATT&CK

After spending some time working with the ATT&CK threat model, which is primarily aimed at modeling threats from a systems perspective, I have been wondering what other frameworks are available to model threats from an organisational or business unit perspective and that can also support the integration with ATT&CK. The following document: Enterprise Threat Model…

Cyber Intelligence Tradecraft Report by Carnegie Mellon University

A few days ago through my network of contacts, I came to find this fantastic report about Cyber Intelligence tradecraft and its evolution in the United States. This report is absolutely mind-blowing with its 176 pages of research on the evolution, challenges and best practices in the evolving field of Cyber Intelligence. The recommended audience…