You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

Reviewing the STRIDE threat model and use cases

The Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) threat model is unique in that it is primarily used for development environments and, for a while, was known for being synonymous with Microsoft because it was created by two Microsoft employees, Loren Kohnfelder and Praerit Garg. Each of the six categories in this model can be correlated to a core security concept that the authors tried to focus on. The concepts are like the confidentiality, integrity, and availability (CIA) triad.

The CIA triad is used to guide security policies and guidelines based on what is more important in your organization. This simple model is the basis for all security in that it provides a core focus for making security decisions based on how you value those three principles. Confidentiality is the principle of keeping data and systems private and can be linked to items like the principle...