Two crude visual aides that reflect my thinking on where @MITREattack fits within a security program. ATT&CK is a tool for your detection engineering, analysis, red teams. ATT&CK is *not* a yardstick that you use to measure risk, or the efficacy of products and services.

Keith

@kwm

Two crude visual aides that reflect my thinking on where @MITREattack fits within a security program.

ATT&CK is a tool for your detection engineering, analysis, red teams.

ATT&CK is *not* a yardstick that you use to measure risk, or the efficacy of products and services.

10/8/2018, 6:57:13 AM

Favs: 30

Retweets: 9

link

Keith

@kwm

@MITREattack Thanks to @sounilyu for the Cyber Defense Matrix, and to Canada for the Integrated Security Risk Management concept.

10/8/2018, 6:57:57 AM

Favs: 1

Retweets: 0

link