Improving likelihood calculation by mapping MITRE ATT&CK to existing controls

Gerald Beuchelt and Sonal Agrawal
Additional contact information
Gerald Beuchelt: Sprinklr, USA
Sonal Agrawal: Sprinklr, USA

Cyber Security: A Peer-Reviewed Journal, 2024, vol. 7, issue 3, 217-228

Abstract: Assessing the likelihood of threats is notoriously difficult for assessors. This paper will demonstrate a new, evidence-based approach to leverage existing security control assessments in determining likelihood of specific MITRE ATT&CK adversarial tactics, techniques and procedures (TTPs). Through automation, we can develop organisation-specific threat profiles for known adversaries and assist in strategic security programme management.

Keywords: risk management; likelihood; cyber security; NIST; MITRE ATT&CK; strategy; threats; vulnerabilities; security controls (search for similar items in EconPapers)
JEL-codes: M15 (search for similar items in EconPapers)
Date: 2024
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/8270/download/ (application/pdf)
https://hstalks.com/article/8270/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2024:v:7:i:3:p:217-228

Access Statistics for this article

More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().