Cyber Security Specialists

Threat Modelling with MITRE ATT&CK®

Posted on Sunday, October 25th, 2020 at 11:31 am

First of all – why is threat modelling important when implementing programs of change?

Whether it is a web application or a hosting infrastructure project, identifying issues as early in the lifecycle as possible is massively important. Threat modelling is an invaluable tool when used early on in the design phase, before any infrastructure or application code is written. With the potential threats and associated risks identified, Security Architects and Software Engineers can address them during development instead of after.

DevOps & Software engineers can also put in compensating controls that lessen the likelihood of a vulnerability being exploited and/or lessen the impact of an exploit.

It is generally understood that shifting security to the left is an important way of securing workloads and producing higher quality services. Threat modelling is yet another tool in the Secure Design toolbox.

What is MITRE?

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.


While there are many ways to use ATT&CK, assessing your cyber defense capability is one of the important ones.

In the framework, there are twelve main areas of tactics and a number of techniques under each of these areas:

ATT&CK Navigator is a great tool for starting to assess your current capability to defend against different types of attacks, find gaps, and adjust your strategy and roadmap accordingly.
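The gap assessment described above can be scripted. The following is an added example, not code from this post or from MITRE: it scores a constructed list of in-scope techniques against a constructed control inventory, builds a layer for ATT&CK Navigator, and lists the gaps per tactic. The layer field names follow the Navigator layer format as an assumption to check against the Navigator version in use (version metadata is omitted), and the scoring scale is hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample: techniques the threat model put in scope (ID, tactic, name).
IN_SCOPE = [
    ("T1566", "initial-access", "Phishing"),
    ("T1078", "initial-access", "Valid Accounts"),
    ("T1059", "execution", "Command and Scripting Interpreter"),
    ("T1003", "credential-access", "OS Credential Dumping"),
    ("T1021", "lateral-movement", "Remote Services"),
    ("T1486", "impact", "Data Encrypted for Impact"),
]

# Constructed sample: controls currently in place, keyed by technique ID.
CONTROLS = {
    "T1566": {"prevent": ["mail filtering"], "detect": ["user reporting"]},
    "T1078": {"prevent": ["MFA"], "detect": []},
    "T1059": {"prevent": [], "detect": ["EDR script logging"]},
    "T1486": {"prevent": ["offline backups"], "detect": ["EDR"]},
}

def score(tid):
    """Hypothetical scale: 0 = no control, 1 = prevent or detect only, 2 = both."""
    c = CONTROLS.get(tid, {})
    return int(bool(c.get("prevent"))) + int(bool(c.get("detect")))

def build_layer(name="Defensive coverage (example)"):
    """Return a dict to save as JSON and open in ATT&CK Navigator."""
    techniques = []
    for tid, tactic, _ in IN_SCOPE:
        c = CONTROLS.get(tid, {})
        notes = c.get("prevent", []) + c.get("detect", [])
        techniques.append({"techniqueID": tid, "tactic": tactic, "score": score(tid),
                           "comment": ", ".join(notes) or "no control recorded"})
    return {"name": name, "domain": "enterprise-attack", "techniques": techniques,
            "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"], "minValue": 0, "maxValue": 2}}

def gaps_by_tactic():
    """Techniques without both a preventive and a detective control, per tactic."""
    gaps = defaultdict(list)
    for tid, tactic, tname in IN_SCOPE:
        if score(tid) < 2:
            gaps[tactic].append((tid, tname, score(tid)))
    return dict(gaps)

if __name__ == "__main__":
    print(json.dumps(build_layer(), indent=2))
    for tactic, items in gaps_by_tactic().items():
        print(tactic, items)
```

Techniques scored 0 are the ones to carry into the roadmap first; those scored 1 show where a compensating control is still missing.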

Useful Links

  • https://attack.mitre.org
  • https://owasp.org/www-community/Application_Threat_Modeling
  • https://www.ncsc.gov.uk/collection/cyber-security-design-principles/establish-the-context-before-designing-a-system
  • https://csrc.nist.gov/publications/detail/sp/800-154/draft
