Using MITRE Att@ck to evaluate security posture
Dec 23rd, 2018 by Jesper Kråkhede
A customer of mine have asked me to device a security strategy for them. This will be an interesting task. The background to this assignment was that I was doing a presentation of cost effective security management using MITRE Att@ck as an example to prioritise your actions. After the presentation their CISO came up to me and asked if I had time to help them with a few weeks assignment. They are currently in the process of creating the plan for the following years and update the way they are tackling the security threats and would like to bring in smarter ways of managing security.
My task in this assignment will be to help them create a framework containing the needed policies, processes and methods to enable a good measurable security posture using my way of thinking as a template. This will be interesting and I´ll post the results here later in January.
When I first read about MITRE Att@ck I realized it was good stuff, but I didn´t expect a major company to adopt it so fast. ?