You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

Scaling to the future

Scaling as a team is a concept that has always been around, but has been the primary focus of only senior-level leaders. In my experience, I’ve seen a shift in the past few years, and more mid-level leaders and individual stakeholders have been involved in scaling and roadmap planning. I’ve also, fortunately, had the experience of building multiple teams from the ground up. When creating the team, we established team norms, a vision and mission, and a charter so we understood the role of the team. When it came time to scale after making the initial hires, I loosely followed these steps:

Evaluated the capabilities of the team members
Projected out hiring for expanded operations and coverage and created an operations model
Ensured there was cross-team collaboration in place, including policies and procedures
Started an employee development and learning plan
Filled our cybersecurity tool gaps

For the first step, Evaluated...