In my previous post, I went through the need and benefits of deploying a security control baseline according to the framework researched. Two of the most important ideas extracted from the first post are: Implementing a security control baseline to address low to moderate threat sophistication is essential and economically beneficial, because it will target…
Category: Enterprise Cybersecurity
Enterprise Threat Modeling and ATT&CK
After spending some time working with the ATT&CK threat model, which is primarily aimed at modeling threats from a systems perspective, I have been wondering what other frameworks are available to model threats from an organisational or business unit perspective and that can also support the integration with ATT&CK. The following document: Enterprise Threat Model…
