You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

Prioritization of efforts to increase efficiency

Prioritization can be made using a variety of approaches, and it sometimes can come down to a feeling. For the record, when possible, you should use a quantitative method for prioritization, primarily based on capabilities. To start with, you need to have your gaps identified. That can be done through a risk registry, a purple team exercise, an audit, and so on. From there, you need to take a look at your resources; this includes the current technical capabilities, the personnel and their skill sets, the budget constraints to upgrade or bring in new tools and services, and the work cycles you have available or can make available. After you take a look at your resources, you want to then begin assigning prioritization and scoping out levels of effort, potential fixes, and stakeholders. One helpful tool is to diagram and actually write down the risks. If we were to step through a process, we could start with the following gaps:

...