Introduction
You might recall from the last chapter, the Attack-Centric Strategy had the highest Cybersecurity Fundamentals Scoring System (CFSS) estimated total score. It earned nearly a perfect score with 95 points out of a possible 100. It earned such a high score because it almost fully addresses all the cybersecurity fundamentals, with the exception of social engineering, which can’t really be fully mitigated.
Two popular examples of Attack-Centric frameworks used by security professionals in the industry include the Intrusion Kill Chain (Hutchins, Cloppert, Amin, n.d.) and the MITRE ATT&CK® model (MITRE, n.d.).
In this chapter, I’ll provide an example of how an Attack-Centric Strategy can be implemented. The model I will focus on is the Intrusion Kill Chain framework first pioneered by Lockheed Martin. I have found that security professionals either love or hate this model. I’ve actually had the opportunity to do a couple of big budget implementations...
