← @kwm Twitter archive



Two crude visual aids that reflect my thinking on where @MITREattack fits within a security program.

ATT&CK is a tool for your detection engineering, analysis, red teams.

ATT&CK is *not* a yardstick that you use to measure risk, or the efficacy of products and services.

10/8/2018, 7:57:13 AM

Favs: 32

Retweets: 10



@MITREattack Thanks to @sounilyu for the Cyber Defense Matrix, and to Canada for the Integrated Security Risk Management concept.

10/8/2018, 7:57:57 AM

Favs: 1

Retweets: 0