Category

Mappings

Threat-Informed Defense for the Financial Sector

The Cyber Risk Institute Profile is a distillation of the NIST Cybersecurity Framework tailored to address the financial services sector’s regulatory environment. Financial institutions, financial services companies, financial firms, and their third-party providers use the CRI Profile …

Continue reading

Threat-Informed Defense for the Financial Sector

Connect adversarial threat mitigations to cybersecurity program resources tailored to the financial sector, namely the Cyber Risk Institute Profile.

Continue reading

Prioritize Known Exploited Vulnerabilities

Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.

Continue reading

Put Your Money Where Your Adversaries Are: Exploited Vulnerabilities

Historically, vulnerability management and threat management have been separate disciplines, but in a risk-focused world, they need to be brought together.

Continue reading

Security Stack Mappings – Hardware-Enabled Defense

The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.

Continue reading

Stacked Defense from the Hardware Up

The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.

Continue reading

The Best Defense is a Security Capability Mapped to ATT&CK

The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.

Continue reading

Security Stack Mappings – Microsoft 365 Mappings

The project presents a comprehensive mapping of M365’s native security features against the MITRE ATT&CK® framework, detailing how these capabilities can protect, detect, and respond to cyber threats. By reviewing M365 documentation, the project identifies security actions that can mitigate …

Continue reading

Mappings Explorer

Mappings Explorer is a hub for defenders to explore security capabilities mapped to MITRE ATT&CK®. This singular resource enables cyber defenders to understand how security controls and capabilities protect against the adversary behaviors catalogued in the ATT&CK knowledge base. Our mappings …

Continue reading

Center Conversations: Bridging VERIS and ATT&CK to Improve Incident Classification

The Center for Threat-Informed Defense collaborated with Verizon and Siemens to combine the common language of ATT&CK with the incident model of VERIS. Bridging these two communities enables improved understanding of incidents and threats.

In this Center Conversation, Alex Pinto and Phil …

Continue reading