You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

Reviewing the Trike threat model and use cases

The Trike threat model is focused on the objective of threat modeling from a risk standpoint. This type of threat model is typically paired with risk registries so that it can be targeted to the specific risks and needs that you perceive. Most of the time, these threat models are tied to auditing or compliance requirements, and they are based on the specific requirements of the organization. It combines those requirements with risk owners and establishes the level of acceptable risk. It differs from the PASTA and STRIDE models because it is a risk-based approach instead of utilizing the systems and attack approach of the other models. The point of this model is to accomplish the following:

Communicate what the risks are within the organization
Determine the acceptable risk threshold with input from all stakeholders for the organization
Establish the risk owners for the applicable risks, to be held accountable for mitigations...