Assessing the likelihood of threats is notoriously difficult for assessors. This session will demonstrate a new, evidence-based approach to leverage existing security control assessments in determining likelihood of specific MITRE ATT&CK TTPs. Through automation, we can not only develop organization-specific threat profiles for known adversaries, but also assist in strategic security program management.


RSAC 2023 brought together thousands of cybersecurity professionals for four incredible days of expert perspectives, groundbreaking innovation, and best practices. 

Improve Likelihood Calculation by Mapping MITRE ATT&CK to Existing Controls

Conference: RSA Conference 2023

Authors: Sonal Agrawal, Gerald Beuchelt

Abstract

Post a comment

Related work