Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Improving likelihood calculation by mapping MITRE ATT&CK to existing controls
Cyber Security: A Peer-Reviewed Journal,
7
(3),
217-228
(2024)
Abstract
Assessing the likelihood of threats is notoriously difficult for assessors. This paper will demonstrate a new, evidence-based approach to leverage existing security control assessments in determining likelihood of specific MITRE ATT&CK adversarial tactics, techniques and procedures (TTPs). Through automation, we can develop organisation-specific threat profiles for known adversaries and assist in strategic security programme management.
Keywords: risk management; likelihood; cyber security; NIST; MITRE ATT&CK; strategy; threats; vulnerabilities; security controls
The full article is available to subscribers to the journal.
Author's Biography
Gerald Beuchelt is the Chief Information Security Officer (CISO) for Sprinklr’s products and corporate assets. In his prior role as CISO for LogMeIn (GoTo) he was responsible for the security, compliance and technical privacy of LogMeIn’s products and corporate assets. Gerald has served on boards for commercial companies and non-profit organisations, including InfraGard and the National Cyber Security Alliance.
Sonal Agrawal is the Director of Governance, Risk and Compliance (GRC) at Sprinklr. She has over 15 years’ experience with governance, risk and compliance management, audit, project and programme management. Sonal has experience implementing the strategy and innovative compliance initiatives to streamline processes for organisations.
