You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

Using ATT&CK to create organizational policies and standards

A large part of having a mature security program is the policies and procedures. Unfortunately, that is one of the areas that is typically the weakest. The reason is that when standing up a new security program, there are so many priorities that your team starts focusing on the technical implementations, and before they know it, everyone has a different process for triaging, adding detections, and making security engineering recommendations. Fortunately, when implementing the ATT&CK controls for your SOC and other environments, you naturally have to evaluate and tune settings, and that is a great time to create policies and standards. The difference between the two is that a policy is a set of general guidelines or proposed actions. Policies can be more general and are typically written for compliance regulations; they show the intent for a set of actions that a team or organization should follow. A standard is taking...