You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

Summary

This chapter covered how to create a risk registry and the format to use. As mentioned, a risk registry is not only critical for compliance purposes but also allows you to appropriately assess risk, track any changes in your organization, and ensure that you are making progress toward mitigating risks. We covered how to conduct a purple team exercise and showed a purple team report. Purple team exercises are a sign of a mature security program and are critical for implementing a trust-but-verify strategy in your security measures. The last position any incident responder wants to be in is responding to a critical incident that could have been mitigated or prevented if the team had just run a purple team exercise or a TTX and learned from those experiences. Finally, we covered some common gaps and shortcomings that are completely normal and discussed options for mitigating those gaps.

In the next chapter, we’ll cover different threat models in detail and discuss how...