The MITRE Corporation. (n.d.). Getting started | MITRE ATT&CK. This web page provides tips on using the MITRE ATT&CK Framework, including a short video, e-book, technical papers, uses cases, and additional resources. The video and Getting Started with ATT&CK eBook are directly relevant to the evaluation of the organization’s needs based on industry. The video and e-book are valuable tools to have as a reference.
The MITRE Corporation. (n.d.). Groups. | MITRE ATT&CK. MITRE is a direct partner of government, receiving billions of dollars for their threat analysis work. The MITRE ATT&CK team uses the term, "Group" to refer to a cluster of adversary activity. This section of the website is an authoritative collection of foreign data criminals and nation-state adversaries and their activities.
Kwon, R., Ashley, T., Castleberry, J., Mckenzie, P., & Gupta G. S. N. (2020). Cyber threat dictionary using MITRE ATT&CK matrix and NIST cybersecurity framework mapping. 2020 Resilience Week (RWS), 106–112. This article provides demonstrative examples of how attack-defense documentation matrices are mapped between the MITRE ATT&CK and NIST cybersecurity frameworks.
Williams, D. (2020). The MITRE ATT&CK Framework: Where Do You Start? ISSA Journal, 18(9), 17–21. This article describes the value in using the MITRE ATT&CK framework to measure the effectiveness of your organization’s ability to identify, detect, and prevent cyber intrusions.
The resources below are highly suggested, optional readings that will help you with this week’s assignments.
Siegel, C. A., & Sweeney, M. (2020). Cyber strategy: Risk-driven security and resiliency. Auerbach Publications. This e-book describes cybersecurity strategies using several industry-standard frameworks discussed in this class. Some of the topics detailed are cyber risks and controls, current and target statement assessments, and measuring cybersecurity plan performance. This e-book is a valuable tool to have as a reference and specific chapters are valuable resources for the weekly assignments.