Frameworks Flashcards

1
Q

Cybersecurity Framework

A

Framework core: 5 functions, 22 categories, 98 subcategories

Implementation tier:
Partial, Risk Informed, Repeatable, Adaptive

2
Q

MITRE ATT&CK (Adversarial Tactics, Techniques, & Common Knowledge)

A
  1. Initial access
  2. Execution
  3. Persistence
  4. Privilege escalation
  5. Defense evasion
  6. Credential access
  7. Discovery
  8. Lateral movement
  9. Collection and exfiltration
  10. Command and control
3
Q

Cyber Kill Chain

A
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command and control
  7. Actions on objectives
4
Q

What are ATT&CK tactics?

A

An ATT&CK tactic is the highest-level objective of an attacker. Tactics give the analyst information on the potential intent of the activity; that is, they answer why an adversary is performing their actions. Tactics represent high-level contextual categories for individual techniques, for example initial access, execution, and persistence.

5
Q

What are ATT&CK techniques?

A

An ATT&CK technique is how the attacker meets their objectives, and it also represents what an adversary seeks to gain with their actions. For example, an adversary may use techniques that encrypt or compress data while attempting to perform the Exfiltration tactic.
