Pitfalls of Cyber Data
0 likes2,462 views
The document discusses methods for threat analysis and assessment, emphasizing the importance of situational awareness and strategic intelligence to understand evolving threats. It highlights the need for high-level information about risks, including capabilities and intents of attackers, as well as specific vulnerabilities and impacts. Additionally, the text addresses various factors that influence threat events, such as historical incident records, adversary characteristics, and the effectiveness of controls.
Pitfalls of Cyber Data
- 2. 2
- 4. 4 Immediate Threat Evolving Threat Long Term Threat Trend Analysis Horizon Scanning Futurology Situational Awareness Strategic Intelligence
- 5. 5 High-level Information on changing risk The board Details of a specific Incoming attack Defenders Attacker Methodologies, Tools and tactics Architects & Sysadmins Indicators of Specific malware SOC staff / IR Long-TermUseShort-TermUse Low LevelHigh Level
- 6. 6 Threat Source Threat Event Vulnerability Adverse Impact Initiates Exploits Causing Characteristics: • Capability • Intent • Target Sequences: • Actions • Activities • Scenarios • Relevance Conditions: • Pervasiveness • Severity Controls: • Effectiveness Risk: • Likelihood • Impact Risk View
- 7. 7 Driving Forces Public Cyber Data Past Incident Records Adversaries (Threat Source) Threat Scenarios Adverse Impacts Threat Events TTPs Controls Threat Personas Technical Indicators Tactical View
- 8. 8
- 9. 9
- 12. 12
- 13. 13
- 14. 14
- 15. 15
- 16. 16 Threat Scenarios Threat Events TTPS Many to Many Many to ManySpecific Instance with extensive business context. Collection of TTPs with limited Business Context Standards not used / many fudges
- 17. 17